python/semanage: Fix logger class definition

Commit Message

Vit Mojzis July 9, 2018, 6:29 p.m. UTC

Test if audit module is enabled so that logger class is defined
correctly.

Fixes:
"semanage fcontext -l" fails with "OSError: Protocol not supported" when
booting with audit=0

Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
---
 python/semanage/seobject.py | 2 ++
 1 file changed, 2 insertions(+)

Comments

Nicolas Iooss July 9, 2018, 7:03 p.m. UTC | #1

On Mon, Jul 9, 2018 at 8:29 PM, Vit Mojzis <vmojzis@redhat.com> wrote:
>
> Test if audit module is enabled so that logger class is defined
> correctly.
>
> Fixes:
> "semanage fcontext -l" fails with "OSError: Protocol not supported" when
> booting with audit=0
>
> Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
> ---
>  python/semanage/seobject.py | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py
> index e5c81a7d..29b4afe0 100644
> --- a/python/semanage/seobject.py
> +++ b/python/semanage/seobject.py
> @@ -101,6 +101,8 @@ ftype_to_audit = {"": "any",
>
>  try:
>      import audit
> +    #test if audit module is enabled
> +    audit.audit_close(audit.audit_open())
>
>      class logger:
>

This looks good to me (Ack). For future reference, I was wondering
whether audit.audit_open() returns -1 or raises an exception if it
fails to open the audit log, and found the answer in audit's source
code (it raises an OSError, as expected [1], so the new code is fine).

While reviewing your patch, I encountered the bare "except:" right
after the definition of class logger. The exceptions which cause the
use of the fail-over logger class are not explicitly written and this
could cause issues, for example when someone tries to interrupt the
program with Ctrl-C while the code executes. Would it be possible to
replace this "except:" with "except ImportError, OSError:"? (This
could be done in another patch).

Thanks,
Nicolas

[1] https://github.com/linux-audit/audit-userspace/blob/v2.8.4/bindings/swig/src/auditswig.i#L27-L33)

Patch

diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py
index e5c81a7d..29b4afe0 100644
--- a/python/semanage/seobject.py
+++ b/python/semanage/seobject.py
@@ -101,6 +101,8 @@  ftype_to_audit = {"": "any",
 
 try:
     import audit
+    #test if audit module is enabled
+    audit.audit_close(audit.audit_open())
 
     class logger: