On Wed, Feb 7, 2024 at 10:11 AM Vit Mojzis <vmojzis@xxxxxxxxxx> wrote:
>
> Entries in file_contexts.local are processed from the most recent one to
> the oldest, with first match being used. Therefore it is important to
> preserve their order when listing (semanage fcontext -lC) and exporting
> (semanage export).
>
> Signed-off-by: Vit Mojzis <vmojzis@xxxxxxxxxx>
Acked-by: James Carter <jwcart2@xxxxxxxxx>
> ---
> Not sure if this is the best solution since the local file context
> customizations are still sorted in the output of "semanage fcontext -l".
> Adding a new section for "Local file context changes" would make it
> clear that such changes are treated differently, but it would make it
> harder to find context definitions affecting specific path.
> The most important part of this patch is the change to "customized"
> since that stops "semanage export | semanage import" from reordering the
> local customizations.
>
> Note: The order of dictionary.keys() is only guaranteed in python 3.6+.
>
> Note2: The change to fcontextPage can only be seen when the user
> disables ordering by "File specification" column, which is enabled by
> defalut.
>
> gui/fcontextPage.py | 6 +++++-
> python/semanage/seobject.py | 9 +++++++--
> 2 files changed, 12 insertions(+), 3 deletions(-)
>
> diff --git a/gui/fcontextPage.py b/gui/fcontextPage.py
> index 767664f2..c88df580 100644
> --- a/gui/fcontextPage.py
> +++ b/gui/fcontextPage.py
> @@ -133,7 +133,11 @@ class fcontextPage(semanagePage):
> self.fcontext = seobject.fcontextRecords()
> self.store.clear()
> fcon_dict = self.fcontext.get_all(self.local)
> - for k in sorted(fcon_dict.keys()):
> + if self.local:
> + fkeys = fcon_dict.keys()
> + else:
> + fkeys = sorted(fcon_dict.keys())
> + for k in fkeys:
> if not self.match(fcon_dict, k, filter):
> continue
> iter = self.store.append()
> diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py
> index dfb15b1d..25ec4315 100644
> --- a/python/semanage/seobject.py
> +++ b/python/semanage/seobject.py
> @@ -2735,7 +2735,7 @@ class fcontextRecords(semanageRecords):
> def customized(self):
> l = []
> fcon_dict = self.get_all(True)
> - for k in sorted(fcon_dict.keys()):
> + for k in fcon_dict.keys():
> if fcon_dict[k]:
> if fcon_dict[k][3]:
> l.append("-a -f %s -t %s -r '%s' '%s'" % (file_type_str_to_option[k[1]], fcon_dict[k][2], fcon_dict[k][3], k[0]))
> @@ -2752,7 +2752,12 @@ class fcontextRecords(semanageRecords):
> if len(fcon_dict) != 0:
> if heading:
> print("%-50s %-18s %s\n" % (_("SELinux fcontext"), _("type"), _("Context")))
> - for k in sorted(fcon_dict.keys()):
> + # do not sort local customizations since they are evaluated based on the order they where added in
> + if locallist:
> + fkeys = fcon_dict.keys()
> + else:
> + fkeys = sorted(fcon_dict.keys())
> + for k in fkeys:
> if fcon_dict[k]:
> if is_mls_enabled:
> print("%-50s %-18s %s:%s:%s:%s " % (k[0], k[1], fcon_dict[k][0], fcon_dict[k][1], fcon_dict[k][2], translate(fcon_dict[k][3], False)))
> --
> 2.43.0
>
>
