From patchwork Fri Dec 21 20:43:33 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nicolas Iooss X-Patchwork-Id: 10741043 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 2C6D46C5 for ; Fri, 21 Dec 2018 20:43:54 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 19E8328558 for ; Fri, 21 Dec 2018 20:43:54 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 09F2928892; Fri, 21 Dec 2018 20:43:54 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B185028558 for ; Fri, 21 Dec 2018 20:43:53 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2388627AbeLUUnx (ORCPT ); Fri, 21 Dec 2018 15:43:53 -0500 Received: from mx1.polytechnique.org ([129.104.30.34]:49692 "EHLO mx1.polytechnique.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2390488AbeLUUnx (ORCPT ); Fri, 21 Dec 2018 15:43:53 -0500 Received: from localhost.localdomain (89-156-252-9.rev.numericable.fr [89.156.252.9]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ssl.polytechnique.org (Postfix) with ESMTPSA id D2179561205 for ; Fri, 21 Dec 2018 21:43:50 +0100 (CET) From: Nicolas Iooss To: selinux@vger.kernel.org Subject: [PATCH 4/4] python/audit2allow: allow using audit2why as non-root user Date: Fri, 21 Dec 2018 21:43:33 +0100 Message-Id: <20181221204333.27445-4-nicolas.iooss@m4x.org> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181221204333.27445-1-nicolas.iooss@m4x.org> References: <20181221204333.27445-1-nicolas.iooss@m4x.org> MIME-Version: 1.0 X-AV-Checked: ClamAV using ClamSMTP at svoboda.polytechnique.org (Fri Dec 21 21:43:51 2018 +0100 (CET)) X-Org-Mail: nicolas.iooss.2010@polytechnique.org Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Importing sepolicy as non-root on a system with SELinux causes the following exception to be raised: ValueError: No SELinux Policy installed Ignore this when using audit2why, which allows using it with option --policy as a non-root user. Signed-off-by: Nicolas Iooss --- python/audit2allow/audit2allow | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/python/audit2allow/audit2allow b/python/audit2allow/audit2allow index 195f151c6ca1..18fe0a531d02 100644 --- a/python/audit2allow/audit2allow +++ b/python/audit2allow/audit2allow @@ -242,7 +242,10 @@ class AuditToPolicy: def __output_audit2why(self): import selinux - import sepolicy + try: + import sepolicy + except (ImportError, ValueError): + sepolicy = None for i in self.__parser.avc_msgs: rc = i.type data = i.data @@ -262,11 +265,13 @@ class AuditToPolicy: if len(data) > 1: print("\tOne of the following booleans was set incorrectly.") for b in data: - print("\tDescription:\n\t%s\n" % sepolicy.boolean_desc(b[0])) + if sepolicy is not None: + print("\tDescription:\n\t%s\n" % sepolicy.boolean_desc(b[0])) print("\tAllow access by executing:\n\t# setsebool -P %s %d" % (b[0], b[1])) else: print("\tThe boolean %s was set incorrectly. " % (data[0][0])) - print("\tDescription:\n\t%s\n" % sepolicy.boolean_desc(data[0][0])) + if sepolicy is not None: + print("\tDescription:\n\t%s\n" % sepolicy.boolean_desc(data[0][0])) print("\tAllow access by executing:\n\t# setsebool -P %s %d" % (data[0][0], data[0][1])) continue