semanage: fix error message for fcontext -m

Message ID	1471519081-26417-1-git-send-email-mvadkert@redhat.com (mailing list archive)
State	Not Applicable
Headers	show Return-Path: <selinux-bounces@tycho.nsa.gov> IronPort-PHdr: =?us-ascii?q?9a23=3AIrRJ+hwBtVNFU2DXCy+O+j09IxM/srCxBDY+r6Qd?= =?us-ascii?q?0e0RIJqq85mqBkHD//Il1AaPBtSCragYwLGI++C4ACpbsM7H6ChDOLV3FDY9wf?= =?us-ascii?q?0MmAIhBMPXQWbaF9XNKxIAIcJZSVV+9Gu6O0UGUOz3ZlnVv2HgpWVKQka3CwN5?= =?us-ascii?q?K6zPF5LIiIzvjqbpqsSVOVkD32T1Iesrak7n9UOJ7oheqLAhA5558gHOrHpMdr?= =?us-ascii?q?Ye7kJTDnXXoSzB4Nyt9oVo6SVatqFp3cdBVaLnY/ZwFuQAX3wbKWR92OnH/VmG?= =?us-ascii?q?FFPOtTMgVTANnx5JBRXVxA3rVZf29C3hv6xy3zfJE9fxSOURWC6l9KNiVlfWgS?= =?us-ascii?q?sEOiQl8SmDj9J5gKFWug6JvRFzw4fIJoqSMawtLevmYdoGSD8ZDY5qXCtbD9b5?= =?us-ascii?q?NtMC?= IronPort-PHdr: =?us-ascii?q?9a23=3AojCzHxCTmcL3sdGCMwyHUyQJP3N1i/DPJgcQr6Af?= =?us-ascii?q?oPdwSP79pcbcNUDSrc9gkEXOFd2CrakV0qyM7+u7ByRAuc/H6yFaNsQUFlcsso?= =?us-ascii?q?Y/p0QYGsmLCEn2frbBThcRO4B8bmJj5GyxKkNPGczzNBX4q3y26iMOSF2kbVIm?= =?us-ascii?q?btr8FoOatcmrzef6o8SVOFQRwmDhKugsZFXu9EOK55FQ2dMjYo8KiTLx6kNSfO?= =?us-ascii?q?pXwW46bXmypD3bovmKwZh47i5LsOgg/cMTGY/zfqA/UKAKRG9+azN9t4XXskzY?= =?us-ascii?q?QA+O4GYMenkHmRpPRQ7e5Vf1WYminDH9s79Y2TOdJsn/U/gKUDih4r13SVe8jT?= =?us-ascii?q?kOOz006n3/kMF8jKtH5hmmokoskMbvfIiJOa8mLevmdtQASD8ZUw=3D=3D?= From: Miroslav Vadkerti <mvadkert@redhat.com> To: selinux@tycho.nsa.gov Subject: [PATCH] semanage: fix error message for fcontext -m Date: Thu, 18 Aug 2016 13:18:01 +0200 Message-Id: <1471519081-26417-1-git-send-email-mvadkert@redhat.com> Precedence: list MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" <selinux-bounces@tycho.nsa.gov>

Message ID

1471519081-26417-1-git-send-email-mvadkert@redhat.com (mailing list archive)

State

Not Applicable

Headers

IronPort-PHdr: =?us-ascii?q?9a23=3AIrRJ+hwBtVNFU2DXCy+O+j09IxM/srCxBDY+r6Qd?=
	=?us-ascii?q?0e0RIJqq85mqBkHD//Il1AaPBtSCragYwLGI++C4ACpbsM7H6ChDOLV3FDY9wf?=
	=?us-ascii?q?0MmAIhBMPXQWbaF9XNKxIAIcJZSVV+9Gu6O0UGUOz3ZlnVv2HgpWVKQka3CwN5?=
	=?us-ascii?q?K6zPF5LIiIzvjqbpqsSVOVkD32T1Iesrak7n9UOJ7oheqLAhA5558gHOrHpMdr?=
	=?us-ascii?q?Ye7kJTDnXXoSzB4Nyt9oVo6SVatqFp3cdBVaLnY/ZwFuQAX3wbKWR92OnH/VmG?=
	=?us-ascii?q?FFPOtTMgVTANnx5JBRXVxA3rVZf29C3hv6xy3zfJE9fxSOURWC6l9KNiVlfWgS?=
	=?us-ascii?q?sEOiQl8SmDj9J5gKFWug6JvRFzw4fIJoqSMawtLevmYdoGSD8ZDY5qXCtbD9b5?=
	=?us-ascii?q?NtMC?=
IronPort-PHdr: =?us-ascii?q?9a23=3AojCzHxCTmcL3sdGCMwyHUyQJP3N1i/DPJgcQr6Af?=
	=?us-ascii?q?oPdwSP79pcbcNUDSrc9gkEXOFd2CrakV0qyM7+u7ByRAuc/H6yFaNsQUFlcsso?=
	=?us-ascii?q?Y/p0QYGsmLCEn2frbBThcRO4B8bmJj5GyxKkNPGczzNBX4q3y26iMOSF2kbVIm?=
	=?us-ascii?q?btr8FoOatcmrzef6o8SVOFQRwmDhKugsZFXu9EOK55FQ2dMjYo8KiTLx6kNSfO?=
	=?us-ascii?q?pXwW46bXmypD3bovmKwZh47i5LsOgg/cMTGY/zfqA/UKAKRG9+azN9t4XXskzY?=
	=?us-ascii?q?QA+O4GYMenkHmRpPRQ7e5Vf1WYminDH9s79Y2TOdJsn/U/gKUDih4r13SVe8jT?=
	=?us-ascii?q?kOOz006n3/kMF8jKtH5hmmokoskMbvfIiJOa8mLevmdtQASD8ZUw=3D=3D?=
From: Miroslav Vadkerti <mvadkert@redhat.com>
To: selinux@tycho.nsa.gov
Subject: [PATCH] semanage: fix error message for fcontext -m
Date: Thu, 18 Aug 2016 13:18:01 +0200
Message-Id: <1471519081-26417-1-git-send-email-mvadkert@redhat.com>
Precedence: list
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: selinux-bounces@tycho.nsa.gov
Sender: "Selinux" <selinux-bounces@tycho.nsa.gov>

The type must be a file of device type, not a port type. Signed-off-by: Miroslav Vadkerti <mvadkert@redhat.com> --- policycoreutils/semanage/seobject.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Dac Override Aug. 18, 2016, 11:51 a.m. UTC | #1

On 08/18/2016 01:18 PM, Miroslav Vadkerti wrote:
> The type must be a file of device type, not a port type.
> 
> Signed-off-by: Miroslav Vadkerti <mvadkert@redhat.com>
> ---
>  policycoreutils/semanage/seobject.py | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py
> index a6681f0..a34d20d 100644
> --- a/policycoreutils/semanage/seobject.py
> +++ b/policycoreutils/semanage/seobject.py
> @@ -1937,7 +1937,7 @@ class fcontextRecords(semanageRecords):
>          if serange == "" and setype == "" and seuser == "":
>              raise ValueError(_("Requires setype, serange or seuser"))
>          if setype and setype not in self.valid_types:
> -            raise ValueError(_("Type %s is invalid, must be a port type") % setype)
> +            raise ValueError(_("Type %s is invalid, must be a file or device type") % setype)
>  
>          self.validate(target)
>  
> 

Hard-coded reference policy specific type attributes in seobject
(self.valid_types)

Stephen Smalley Aug. 18, 2016, 1:01 p.m. UTC | #2

On 08/18/2016 07:51 AM, Dominick Grift wrote:
> On 08/18/2016 01:18 PM, Miroslav Vadkerti wrote:
>> The type must be a file of device type, not a port type.
>> 
>> Signed-off-by: Miroslav Vadkerti <mvadkert@redhat.com> --- 
>> policycoreutils/semanage/seobject.py | 2 +- 1 file changed, 1
>> insertion(+), 1 deletion(-)
>> 
>> diff --git a/policycoreutils/semanage/seobject.py
>> b/policycoreutils/semanage/seobject.py index a6681f0..a34d20d
>> 100644 --- a/policycoreutils/semanage/seobject.py +++
>> b/policycoreutils/semanage/seobject.py @@ -1937,7 +1937,7 @@
>> class fcontextRecords(semanageRecords): if serange == "" and
>> setype == "" and seuser == "": raise ValueError(_("Requires
>> setype, serange or seuser")) if setype and setype not in
>> self.valid_types: -            raise ValueError(_("Type %s is
>> invalid, must be a port type") % setype) +            raise
>> ValueError(_("Type %s is invalid, must be a file or device type")
>> % setype)
>> 
>> self.validate(target)
>> 
>> 
> 
> Hard-coded reference policy specific type attributes in seobject 
> (self.valid_types)

That's true, but not introduced by this patch.
Another example where we need some kind of key=value configuration
mapping that can be read by semanage/seobject rather than hardcoding
them.  Preferably automatically generated during refpolicy build so
that we don't have to manually keep it in sync.

For example,
valid_fcontext_type_attributes=file_type,device_type

Stephen Smalley Aug. 18, 2016, 7:26 p.m. UTC | #3

On 08/18/2016 07:18 AM, Miroslav Vadkerti wrote:
> The type must be a file of device type, not a port type.
> 
> Signed-off-by: Miroslav Vadkerti <mvadkert@redhat.com>

Thanks, applied.

> ---
>  policycoreutils/semanage/seobject.py | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py
> index a6681f0..a34d20d 100644
> --- a/policycoreutils/semanage/seobject.py
> +++ b/policycoreutils/semanage/seobject.py
> @@ -1937,7 +1937,7 @@ class fcontextRecords(semanageRecords):
>          if serange == "" and setype == "" and seuser == "":
>              raise ValueError(_("Requires setype, serange or seuser"))
>          if setype and setype not in self.valid_types:
> -            raise ValueError(_("Type %s is invalid, must be a port type") % setype)
> +            raise ValueError(_("Type %s is invalid, must be a file or device type") % setype)
>  
>          self.validate(target)
>  
>

diff --git a/policycoreutils/semanage/seobject.py b/policycoreutils/semanage/seobject.py
index a6681f0..a34d20d 100644
--- a/policycoreutils/semanage/seobject.py
+++ b/policycoreutils/semanage/seobject.py
@@ -1937,7 +1937,7 @@  class fcontextRecords(semanageRecords):
         if serange == "" and setype == "" and seuser == "":
             raise ValueError(_("Requires setype, serange or seuser"))
         if setype and setype not in self.valid_types:
-            raise ValueError(_("Type %s is invalid, must be a port type") % setype)
+            raise ValueError(_("Type %s is invalid, must be a file or device type") % setype)
 
         self.validate(target)

semanage: fix error message for fcontext -m

Commit Message

Comments

Patch