From patchwork Sat Nov 2 17:28:09 2019
X-Patchwork-Submitter: Nicolas Iooss
X-Patchwork-Id: 11224179
From: Nicolas Iooss
To: selinux@vger.kernel.org
Subject: [PATCH 1/4] libselinux: compile Python bytecode when installing Python files
Date: Sat, 2 Nov 2019 18:28:09 +0100
Message-Id: <20191102172812.22492-1-nicolas.iooss@m4x.org>

When selinux module is imported from a Python script, the content of
__init__.py is compiled into bytecode and the result is saved into a
file if it is allowed. For example, when root runs with Python 3.7 a
script that uses "import selinux" on a system where SELinux is in
permissive mode, this file may be created:

    /usr/lib/python3.7/site-packages/selinux/__pycache__/__init__.cpython-37.pyc

Prevent this file from being dynamically created by creating it when
libselinux is installed, using "python -m compileall".

Signed-off-by: Nicolas Iooss
---
 libselinux/src/Makefile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/libselinux/src/Makefile b/libselinux/src/Makefile
index 3b8bad810de0..349f957355c1 100644
--- a/libselinux/src/Makefile
+++ b/libselinux/src/Makefile
@@ -176,6 +176,7 @@ install-pywrap: pywrap $(PYTHON) setup.py install --prefix=$(PREFIX) `test -n "$(DESTDIR)" && echo --root $(DESTDIR)` install -m 644 $(SWIGPYOUT) $(DESTDIR)$(PYTHONLIBDIR)/selinux/__init__.py ln -sf --relative $(DESTDIR)$(PYTHONLIBDIR)/selinux/_selinux$(PYCEXT) $(DESTDIR)$(PYTHONLIBDIR)/_selinux$(PYCEXT) + $(PYTHON) -m compileall $(DESTDIR)$(PYTHONLIBDIR)/selinux install-rubywrap: rubywrap test -d $(DESTDIR)$(RUBYINSTALL) || install -m 755 -d $(DESTDIR)$(RUBYINSTALL) From patchwork Sat Nov 2 17:28:10 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nicolas Iooss X-Patchwork-Id: 11224181 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 3669613BD for ; Sat, 2 Nov 2019 17:28:42 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 1F8E5217D9 for ; Sat, 2 Nov 2019 17:28:42 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726687AbfKBR2l (ORCPT ); Sat, 2 Nov 2019 13:28:41 -0400 Received: from mx1.polytechnique.org ([129.104.30.34]:51924 "EHLO mx1.polytechnique.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726554AbfKBR2l (ORCPT ); Sat, 2 Nov 2019 13:28:41 -0400 Received: from localhost.localdomain (85-168-38-217.rev.numericable.fr [85.168.38.217]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ssl.polytechnique.org (Postfix) with ESMTPSA id 565EC5648A9 for ; Sat, 2 Nov 2019 18:28:39 +0100 (CET) 
From: Nicolas Iooss
To: selinux@vger.kernel.org
Subject: [PATCH 2/4] libsemanage: compile Python bytecode when installing Python files
Date: Sat, 2 Nov 2019 18:28:10 +0100
Message-Id: <20191102172812.22492-2-nicolas.iooss@m4x.org>
In-Reply-To: <20191102172812.22492-1-nicolas.iooss@m4x.org>
References: <20191102172812.22492-1-nicolas.iooss@m4x.org>

Create a cache file such as
/usr/lib/python3.7/site-packages/__pycache__/semanage.cpython-37.pyc
in order to prevent it from being dynamically created when semanage
module is imported.

Signed-off-by: Nicolas Iooss
---
 libsemanage/src/Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libsemanage/src/Makefile b/libsemanage/src/Makefile
index e029f0988dd8..a9adfa47bdc8 100644
--- a/libsemanage/src/Makefile
+++ b/libsemanage/src/Makefile
@@ -145,7 +145,7 @@ install-pywrap: pywrap test -d $(DESTDIR)$(PYTHONLIBDIR) || install -m 755 -d $(DESTDIR)$(PYTHONLIBDIR) install -m 755 $(SWIGSO) $(DESTDIR)$(PYTHONLIBDIR)/_semanage$(PYCEXT) install -m 644 semanage.py $(DESTDIR)$(PYTHONLIBDIR) - + $(PYTHON) -m compileall $(DESTDIR)$(PYTHONLIBDIR)/semanage.py install-rubywrap: rubywrap test -d $(DESTDIR)$(RUBYINSTALL) || install -m 755 -d $(DESTDIR)$(RUBYINSTALL) From patchwork Sat Nov 2 17:28:11 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nicolas Iooss X-Patchwork-Id: 11224183 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 6187A14DB for ; Sat, 2 Nov 2019 17:28:43 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 4080F21897 for ; Sat, 2 Nov 2019 17:28:43 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726689AbfKBR2n (ORCPT ); Sat, 2 Nov 2019 13:28:43 -0400 Received: from mx1.polytechnique.org ([129.104.30.34]:41434 "EHLO mx1.polytechnique.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726554AbfKBR2m (ORCPT ); Sat, 2 Nov 2019 13:28:42 -0400 Received: from localhost.localdomain (85-168-38-217.rev.numericable.fr [85.168.38.217]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ssl.polytechnique.org (Postfix) with ESMTPSA id C77CF5648A9 for ; Sat, 2 Nov 2019 18:28:40 +0100 (CET) 
From: Nicolas Iooss To: selinux@vger.kernel.org Subject: [PATCH 3/4] python: compile Python bytecode when installing Python files Date: Sat, 2 Nov 2019 18:28:11 +0100 Message-Id: <20191102172812.22492-3-nicolas.iooss@m4x.org> X-Mailer: git-send-email 2.23.0 In-Reply-To: <20191102172812.22492-1-nicolas.iooss@m4x.org> References: <20191102172812.22492-1-nicolas.iooss@m4x.org> MIME-Version: 1.0 X-AV-Checked: ClamAV using ClamSMTP at svoboda.polytechnique.org (Sat Nov 2 18:28:41 2019 +0100 (CET)) X-Spam-Flag: No, tests=bogofilter, spamicity=0.000000, queueID=0D0485648AA X-Org-Mail: nicolas.iooss.2010@polytechnique.org Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Create a cache directory such as /usr/lib/python3.7/site-packages/sepolgen/__pycache__/ in order to prevent it from being dynamically created when sepolgen module is imported. Signed-off-by: Nicolas Iooss --- python/semanage/Makefile | 1 + python/sepolgen/src/sepolgen/Makefile | 1 + 2 files changed, 2 insertions(+) diff --git a/python/semanage/Makefile b/python/semanage/Makefile index 024e9640fed0..c6a16918360d 100644 --- a/python/semanage/Makefile +++ b/python/semanage/Makefile @@ -28,6 +28,7 @@ install: all done test -d $(DESTDIR)/$(PACKAGEDIR) || install -m 755 -d $(DESTDIR)/$(PACKAGEDIR) install -m 644 seobject.py $(DESTDIR)/$(PACKAGEDIR) + $(PYTHON) -m compileall $(DESTDIR)/$(PACKAGEDIR)/seobject.py -mkdir -p $(DESTDIR)$(BASHCOMPLETIONDIR) install -m 644 $(BASHCOMPLETIONS) $(DESTDIR)$(BASHCOMPLETIONDIR)/semanage diff --git a/python/sepolgen/src/sepolgen/Makefile b/python/sepolgen/src/sepolgen/Makefile index cac8def7204e..95a9d41571e7 100644 --- a/python/sepolgen/src/sepolgen/Makefile +++ b/python/sepolgen/src/sepolgen/Makefile 
@@ -8,6 +8,7 @@ all: install: all -mkdir -p $(DESTDIR)$(PACKAGEDIR) install -m 644 *.py $(DESTDIR)$(PACKAGEDIR) + $(PYTHON) -m compileall $(DESTDIR)$(PACKAGEDIR) clean: rm -f parser.out parsetab.py From patchwork Sat Nov 2 17:28:12 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Nicolas Iooss X-Patchwork-Id: 11224185 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id A005F14DB for ; Sat, 2 Nov 2019 17:28:44 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 88ED7217D9 for ; Sat, 2 Nov 2019 17:28:44 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726771AbfKBR2o (ORCPT ); Sat, 2 Nov 2019 13:28:44 -0400 Received: from mx1.polytechnique.org ([129.104.30.34]:57537 "EHLO mx1.polytechnique.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726554AbfKBR2o (ORCPT ); Sat, 2 Nov 2019 13:28:44 -0400 Received: from localhost.localdomain (85-168-38-217.rev.numericable.fr [85.168.38.217]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ssl.polytechnique.org (Postfix) with ESMTPSA id 16CE25648A9 for ; Sat, 2 Nov 2019 18:28:42 +0100 (CET) 
From: Nicolas Iooss To: selinux@vger.kernel.org Subject: [PATCH 4/4] gui: compile Python bytecode when installing Python files Date: Sat, 2 Nov 2019 18:28:12 +0100 Message-Id: <20191102172812.22492-4-nicolas.iooss@m4x.org> X-Mailer: git-send-email 2.23.0 In-Reply-To: <20191102172812.22492-1-nicolas.iooss@m4x.org> References: <20191102172812.22492-1-nicolas.iooss@m4x.org> MIME-Version: 1.0 X-AV-Checked: ClamAV using ClamSMTP at svoboda.polytechnique.org (Sat Nov 2 18:28:42 2019 +0100 (CET)) X-Spam-Flag: No, tests=bogofilter, spamicity=0.000000, queueID=5616C5648AA X-Org-Mail: nicolas.iooss.2010@polytechnique.org Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org Create a cache directory such as /usr/share/system-config-selinux/__pycache__/ in order to prevent it from being dynamically created when the gui is used. Signed-off-by: Nicolas Iooss --- gui/Makefile | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/gui/Makefile b/gui/Makefile index ca965c942912..c3fd196fcd2c 100644 --- a/gui/Makefile +++ b/gui/Makefile @@ -1,3 +1,5 @@ +PYTHON ?= python3 + # Installation directories. LINGUAS ?= ru PREFIX ?= /usr @@ -54,6 +56,8 @@ install: all install -m 644 sepolicy_$${i}.png $(DESTDIR)$(DATADIR)/icons/hicolor/$${i}x$${i}/apps/sepolicy.png; \ done install -m 644 org.selinux.config.policy $(DESTDIR)$(DATADIR)/polkit-1/actions/ + $(PYTHON) -m compileall $(DESTDIR)$(SHAREDIR) + clean: indent:
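Review bot: in [PATCH 1/4], the line added to install-pywrap in libselinux/src/Makefile compiles from the staging tree ("$(PYTHON) -m compileall $(DESTDIR)$(PYTHONLIBDIR)/selinux"), so whenever DESTDIR is set the generated .pyc records the DESTDIR-prefixed source path, and that build path is what tracebacks on the installed system will show. Passing compileall's -d option with the final location, for example "-d $(PYTHONLIBDIR)/selinux", keeps the recorded path equal to the installed one. The same applies to the compileall lines in the other three patches.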
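Review bot: in [PATCH 2/4], the libsemanage/src/Makefile hunk replaces the empty line that separated the install-pywrap recipe from the install-rubywrap target (the diffstat shows 1 insertion and 1 deletion), so the two rules now run together. Add the "$(PYTHON) -m compileall $(DESTDIR)$(PYTHONLIBDIR)/semanage.py" line and keep the blank line after it, as the other Makefiles in this series do between targets.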
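Review bot: in [PATCH 3/4], neither hunk shows where PYTHON is defined for python/semanage/Makefile or python/sepolgen/src/sepolgen/Makefile, while [PATCH 4/4] has to add "PYTHON ?= python3" to gui/Makefile for the same command. Please confirm both Makefiles already set it and add the same default if one does not, since a standalone "make install" in that directory would otherwise expand $(PYTHON) to nothing.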
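Review bot: in [PATCH 4/4], the "$(PYTHON) -m compileall $(DESTDIR)$(SHAREDIR)" line in the install target only writes the default, unoptimized .pyc files, so the stated goal of preventing dynamic creation is not met for an interpreter started with -O, which looks for the .opt-1.pyc name and will still try to write it into __pycache__. If that case matters, add a second invocation under "$(PYTHON) -O -m compileall" for the same directory; the commit message could also say which optimization levels are covered.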