On a SELinux disabled system `selinux.security_policyvers()` will fail;
do not bailout but use a fallback policy version to check if a binary
policy file with that extension exists.
Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
---
python/audit2allow/sepolgen-ifgen | 22 ++++++++++++----------
1 file changed, 12 insertions(+), 10 deletions(-)
diff --git a/python/audit2allow/sepolgen-ifgen b/python/audit2allow/sepolgen-ifgen
index 4a71cda4..48e60f1d 100644
--- a/python/audit2allow/sepolgen-ifgen
+++ b/python/audit2allow/sepolgen-ifgen
@@ -69,7 +69,11 @@ def get_policy():
p = selinux.selinux_current_policy_path()
if p and os.path.exists(p):
return p
- i = selinux.security_policyvers()
+ try:
+ i = selinux.security_policyvers()
+ except OSError:
+ # SELinux Disabled Machine
+ i = 50 # some high enough default value
p = selinux.selinux_binary_policy_path() + "." + str(i)
while i > 0 and not os.path.exists(p):
i = i - 1
@@ -80,18 +84,16 @@ def get_policy():
def get_attrs(policy_path, attr_helper):
+ if not policy_path:
+ policy_path = get_policy()
+ if not policy_path:
+ sys.stderr.write("No installed policy to check\n")
+ return None
+
try:
- if not policy_path:
- policy_path = get_policy()
- if not policy_path:
- sys.stderr.write("No installed policy to check\n")
- return None
outfile = tempfile.NamedTemporaryFile()
except IOError as e:
- sys.stderr.write("could not open attribute output file\n")
- return None
- except OSError:
- # SELinux Disabled Machine
+ sys.stderr.write("could not open attribute output file: %s\n" % e)
return None
fd = open("/dev/null", "w")
--
2.27.0.rc2
