From b2a54258b40b298037cc8ae686d31d7bab714720 Mon Sep 17 00:00:00 2001
From: Nicolas Iooss <nicolas.iooss@m4x.org>
Date: Fri, 21 Dec 2018 21:43:33 +0100
Subject: [PATCH 114/170] python/audit2allow: allow using audit2why as non-root
user
Importing sepolicy as non-root on a system with SELinux causes the
following exception to be raised:
ValueError: No SELinux Policy installed
Ignore this when using audit2why, which allows using it with option
--policy as a non-root user.
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
---
python/audit2allow/audit2allow | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/selinux-python-2.8/audit2allow/audit2allow b/selinux-python-2.8/audit2allow/audit2allow
index 195f151c..18fe0a53 100644
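--- a/selinux-python-2.8/audit2allow/audit2allow
+++ b/selinux-python-2.8/audit2allow/audit2allow
@@ -242,7 +242,10 @@ class AuditToPolicy:
 
 def __output_audit2why(self):
 import selinux
- import sepolicy
+ try:
+ import sepolicy
+ except (ImportError, ValueError):
+ sepolicy = None
 for i in self.__parser.avc_msgs:
 rc = i.type
 data = i.data
@@ -262,11 +265,13 @@ class AuditToPolicy:
 if len(data) > 1:
 print("\tOne of the following booleans was set incorrectly.")
 for b in data:
- print("\tDescription:\n\t%s\n" % sepolicy.boolean_desc(b[0]))
+ if sepolicy is not None:
+ print("\tDescription:\n\t%s\n" % sepolicy.boolean_desc(b[0]))
 print("\tAllow access by executing:\n\t# setsebool -P %s %d" % (b[0], b[1]))
 else:
 print("\tThe boolean %s was set incorrectly. " % (data[0][0]))
- print("\tDescription:\n\t%s\n" % sepolicy.boolean_desc(data[0][0]))
+ if sepolicy is not None:
+ print("\tDescription:\n\t%s\n" % sepolicy.boolean_desc(data[0][0]))
 print("\tAllow access by executing:\n\t# setsebool -P %s %d" % (data[0][0], data[0][1]))
 continue
 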
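Review bot: The `except (ImportError, ValueError):` around `import sepolicy` in `__output_audit2why` falls back silently, so in the second hunk the `Description:` line disappears while the `# setsebool -P ...` advice is still printed. An operator is then told to flip a boolean with no text saying what that boolean permits, and nothing says the description was skipped. I would emit one notice on the fallback path, for example `sys.stderr.write("sepolicy unavailable; boolean descriptions omitted\n")` (assuming `sys` is imported in this file, which is not visible here). The ValueError catch also covers any ValueError raised during the import, not only the "No SELinux Policy installed" case named in the commit message. A comment above the `try` such as `# sepolicy raises ValueError when no policy can be loaded (e.g. as non-root)` would record that intent. The method body starts and continues outside both hunks.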
--
2.19.1