On Thu, Feb 29, 2024 at 9:17 AM James Carter <jwcart2@xxxxxxxxx> wrote:
>
> On Wed, Feb 7, 2024 at 10:11 AM Vit Mojzis <vmojzis@xxxxxxxxxx> wrote:
> >
> > Entries in file_contexts.local are processed from the most recent one to
> > the oldest, with first match being used. Therefore it is important to
> > preserve their order when listing (semanage fcontext -lC) and exporting
> > (semanage export).
> >
> > Signed-off-by: Vit Mojzis <vmojzis@xxxxxxxxxx>
>
> Acked-by: James Carter <jwcart2@xxxxxxxxx>
>
Merged.
Thanks,
Jim
> > ---
> > Not sure if this is the best solution since the local file context
> > customizations are still sorted in the output of "semanage fcontext -l".
> > Adding a new section for "Local file context changes" would make it
> > clear that such changes are treated differently, but it would make it
> > harder to find context definitions affecting specific path.
> > The most important part of this patch is the change to "customized"
> > since that stops "semanage export | semanage import" from reordering the
> > local customizations.
> >
> > Note: The order of dictionary.keys() is only guaranteed in python 3.6+.
> >
> > Note2: The change to fcontextPage can only be seen when the user
> > disables ordering by "File specification" column, which is enabled by
> > defalut.
> >
> > gui/fcontextPage.py | 6 +++++-
> > python/semanage/seobject.py | 9 +++++++--
> > 2 files changed, 12 insertions(+), 3 deletions(-)
> >
> > diff --git a/gui/fcontextPage.py b/gui/fcontextPage.py
> > index 767664f2..c88df580 100644
> > --- a/gui/fcontextPage.py
> > +++ b/gui/fcontextPage.py
> > @@ -133,7 +133,11 @@ class fcontextPage(semanagePage):
> > self.fcontext = seobject.fcontextRecords()
> > self.store.clear()
> > fcon_dict = self.fcontext.get_all(self.local)
> > - for k in sorted(fcon_dict.keys()):
> > + if self.local:
> > + fkeys = fcon_dict.keys()
> > + else:
> > + fkeys = sorted(fcon_dict.keys())
> > + for k in fkeys:
> > if not self.match(fcon_dict, k, filter):
> > continue
> > iter = self.store.append()
> > diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py
> > index dfb15b1d..25ec4315 100644
> > --- a/python/semanage/seobject.py
> > +++ b/python/semanage/seobject.py
> > @@ -2735,7 +2735,7 @@ class fcontextRecords(semanageRecords):
> > def customized(self):
> > l = []
> > fcon_dict = self.get_all(True)
> > - for k in sorted(fcon_dict.keys()):
> > + for k in fcon_dict.keys():
> > if fcon_dict[k]:
> > if fcon_dict[k][3]:
> > l.append("-a -f %s -t %s -r '%s' '%s'" % (file_type_str_to_option[k[1]], fcon_dict[k][2], fcon_dict[k][3], k[0]))
> > @@ -2752,7 +2752,12 @@ class fcontextRecords(semanageRecords):
> > if len(fcon_dict) != 0:
> > if heading:
> > print("%-50s %-18s %s\n" % (_("SELinux fcontext"), _("type"), _("Context")))
> > - for k in sorted(fcon_dict.keys()):
> > + # do not sort local customizations since they are evaluated based on the order they where added in
> > + if locallist:
> > + fkeys = fcon_dict.keys()
> > + else:
> > + fkeys = sorted(fcon_dict.keys())
> > + for k in fkeys:
> > if fcon_dict[k]:
> > if is_mls_enabled:
> > print("%-50s %-18s %s:%s:%s:%s " % (k[0], k[1], fcon_dict[k][0], fcon_dict[k][1], fcon_dict[k][2], translate(fcon_dict[k][3], False)))
> > --
> > 2.43.0
> >
> >
