Re: [PATCH] python: Do not query the local database if the fcontext is non-local

James Carter <jwcart2@xxxxxxxxx> · Mon, 24 Oct 2022 14:51:14 -0400

On Wed, Oct 19, 2022 at 3:04 PM James Carter <jwcart2@xxxxxxxxx> wrote:
>
> Vit Mojzis reports that an error message is produced when modifying
> a non-local fcontext.
>
> He gives the following example:
>   # semanage fcontext -f f -m -t passwd_file_t /etc/security/opasswd
>   libsemanage.dbase_llist_query: could not query record value (No such file or directory).
>
> When modifying an fcontext, the non-local database is checked for the
> key and then, if it is not found there, the local database is checked.
> If the key doesn't exist, then an error is raised. If the key exists
> then the local database is queried first and, if that fails, the non-
> local database is queried.
>
> The error is from querying the local database when the fcontext is in
> the non-local database.
>
> Instead, if the fcontext is in the non-local database, just query
> the non-local database. Only query the local database if the
> fcontext was found in it.
>
> Reported-by: Vit Mojzis <vmojzis@xxxxxxxxxx>
> Signed-off-by: James Carter <jwcart2@xxxxxxxxx>

This has been merged.
Jim

> ---
>  python/semanage/seobject.py | 15 +++++++++------
>  1 file changed, 9 insertions(+), 6 deletions(-)
>
> diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py
> index 0782c082..d82da494 100644
> --- a/python/semanage/seobject.py
> +++ b/python/semanage/seobject.py
> @@ -2504,16 +2504,19 @@ class fcontextRecords(semanageRecords):
>          (rc, exists) = semanage_fcontext_exists(self.sh, k)
>          if rc < 0:
>              raise ValueError(_("Could not check if file context for %s is defined") % target)
> -        if not exists:
> +        if exists:
> +            try:
> +                (rc, fcontext) = semanage_fcontext_query(self.sh, k)
> +            except OSError:
> +                raise ValueError(_("Could not query file context for %s") % target)
> +        else:
>              (rc, exists) = semanage_fcontext_exists_local(self.sh, k)
> +            if rc < 0:
> +                raise ValueError(_("Could not check if file context for %s is defined") % target)
>              if not exists:
>                  raise ValueError(_("File context for %s is not defined") % target)
> -
> -        try:
> -            (rc, fcontext) = semanage_fcontext_query_local(self.sh, k)
> -        except OSError:
>              try:
> -                (rc, fcontext) = semanage_fcontext_query(self.sh, k)
> +                (rc, fcontext) = semanage_fcontext_query_local(self.sh, k)
>              except OSError:
>                  raise ValueError(_("Could not query file context for %s") % target)
>
> --
> 2.37.3
>