From nobody Sun Feb  8 19:13:51 2026
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of redhat.com designates
 170.10.133.124 as permitted sender) client-ip=170.10.133.124;
 envelope-from=libvir-list-bounces@redhat.com;
 helo=us-smtp-delivery-124.mimecast.com;
Authentication-Results: mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass(p=none dis=none)  header.from=redhat.com
ARC-Seal: i=1; a=rsa-sha256; t=1628272126; cv=none;
	d=zohomail.com; s=zohoarc;
	b=Qu8FWSw+PoY3GM5MfmvptER2K5UFfxclrYPB5zeLa+7pzz7q0BjuAw2ps132uMZPy7NQT+Kz5C9PExp5EKbATutR47oeLNGQBGIF+V7q62bcSiQDIjNDSAe1wLK0pyXNmYSH5Ep9gODGqZgvYkmubW60e6bwXKq0x0Mu0AJHZsw=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1628272126;
 h=Content-Type:Content-Transfer-Encoding:Cc:Date:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:References:Sender:Subject:To;
	bh=yEdKFSz+Luc2RBN+v6ePLsdlBv4pYkIbkpa/k3Cse3c=;
	b=HFWnj7Os+kNcE/0ZBPsq6lbZH5nQnfckSj4ZQF7UW2qumHCQZBgcSUt6a2L1r0MBmFvb+MG/Mgz6BTuhSyEVjw5hLsuroLvVkpcIHR4d2dILNw6Z41YTdiFZz6p/KpX+7oZoOxs4eBzxAaPf8doSDrYByrDUa6LFJAPeA/IC2G0=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=pass;
	spf=pass (zohomail.com: domain of redhat.com designates 170.10.133.124 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=pass header.from=<berrange@redhat.com> (p=none dis=none)
Return-Path: <libvir-list-bounces@redhat.com>
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by mx.zohomail.com
	with SMTPS id 16282721266371006.4050751277039;
 Fri, 6 Aug 2021 10:48:46 -0700 (PDT)
Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com
 [209.132.183.4]) (Using TLS) by relay.mimecast.com with ESMTP id
 us-mta-566-Y1yZiIhqNMyLMy_oZktjkw-1; Fri, 06 Aug 2021 13:48:43 -0400
Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.phx2.redhat.com
 [10.5.11.22])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 67DEC185302B;
	Fri,  6 Aug 2021 17:48:37 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 3F3C61036D28;
	Fri,  6 Aug 2021 17:48:37 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id 0C39D4A70F;
	Fri,  6 Aug 2021 17:48:37 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com
	[10.5.11.13])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id 176HmZHw000809 for <libvir-list@listman.util.phx.redhat.com>;
	Fri, 6 Aug 2021 13:48:35 -0400
Received: by smtp.corp.redhat.com (Postfix)
	id 8807181F72; Fri,  6 Aug 2021 17:48:35 +0000 (UTC)
Received: from localhost.localdomain.com (unknown [10.39.193.169])
	by smtp.corp.redhat.com (Postfix) with ESMTP id 730C27BE5B;
	Fri,  6 Aug 2021 17:48:30 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1628272125;
	h=from:from:sender:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references:list-id:list-help:
	 list-unsubscribe:list-subscribe:list-post;
	bh=yEdKFSz+Luc2RBN+v6ePLsdlBv4pYkIbkpa/k3Cse3c=;
	b=i1X3S8JbBECVaeFUW3o0JS8C270FopWm4LGui7gJN1hm5VqCzsU9rnMgZILuZg+7OJNmQI
	J0gwaoRVojHcwh72DhHQlhKxAot+cgN+WektcCTLkI1K8HEqw38dbiRrKmTLMgZN3KCuSC
	z2U2obPD++sT1D633JwilqP20JCRg0s=
X-MC-Unique: Y1yZiIhqNMyLMy_oZktjkw-1
From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
To: libvir-list@redhat.com
Subject: [libvirt PATCH 11/13] scripts: use variables for cli args in selinux
	helper
Date: Fri,  6 Aug 2021 18:48:08 +0100
Message-Id: <20210806174810.3730064-12-berrange@redhat.com>
In-Reply-To: <20210806174810.3730064-1-berrange@redhat.com>
References: <20210806174810.3730064-1-berrange@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13
X-loop: libvir-list@redhat.com
Cc: Vit Mojzis <vmojzis@redhat.com>
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://listman.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://listman.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://listman.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.22
Authentication-Results: relay.mimecast.com;
	auth=pass smtp.auth=CUSA124A263 smtp.mailfrom=libvir-list-bounces@redhat.com
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-ZohoMail-DKIM: pass (identity @redhat.com)
X-ZM-MESSAGEID: 1628272128316100009

Instead of referencing sys.argv everywhere, use named variables to make
the code easier to understand.

Signed-off-by: Daniel P. Berrang=C3=A9 <berrange@redhat.com>
---
 scripts/selinux-compile-policy.py | 57 +++++++++++++++++--------------
 1 file changed, 32 insertions(+), 25 deletions(-)

diff --git a/scripts/selinux-compile-policy.py b/scripts/selinux-compile-po=
licy.py
index 3890b4e55a..4550f3e7cb 100755
--- a/scripts/selinux-compile-policy.py
+++ b/scripts/selinux-compile-policy.py
@@ -31,20 +31,27 @@ if len(sys.argv) !=3D 10:
           .format(sys.argv[0]), file=3Dsys.stderr)
     exit(os.EX_USAGE)
=20
-module_name =3D os.path.splitext(os.path.basename(sys.argv[1]))[0]
+policy_te =3D sys.argv[1]
+policy_if =3D sys.argv[2]
+policy_fc =3D sys.argv[3]
+policy_mod =3D sys.argv[4]
+tmpdir =3D sys.argv[5]
+policy_type =3D sys.argv[6]
+checkmod_path =3D sys.argv[7]
+semod_path =3D sys.argv[8]
+policy_includes =3D sys.argv[9]
+
+module_name =3D os.path.splitext(os.path.basename(policy_te))[0]
=20
 m4param =3D ["-D", "distro_redhat", "-D", "hide_broken_symptoms",
            "-D", "mls_num_sens=3D16", "-D", "mls_num_cats=3D1024",
            "-D", "mcs_num_cats=3D1024"]
=20
-if sys.argv[6] =3D=3D "mls":
+if policy_type =3D=3D "mls":
     m4param =3D ["-D", "enable_mls"] + m4param
 else:
     m4param =3D ["-D", "enable_mcs"] + m4param
=20
-checkmod_path =3D sys.argv[7]
-semod_path =3D sys.argv[8]
-policy_includes =3D sys.argv[9]
=20
 m4support =3D sorted(glob.glob("{}/support/*.spt".format(policy_includes)))
 header_layers =3D glob.glob("{}/*/".format(policy_includes))
@@ -58,7 +65,7 @@ header_interfaces.sort()
=20
 # prepare temp folder
 try:
-    os.makedirs(sys.argv[5])
+    os.makedirs(tmpdir)
 except Exception:
     pass
=20
@@ -67,25 +74,25 @@ tmpfiles =3D ["{}.{}".format(module_name, ext)
             for ext in ["mod", "mod.fc", "tmp"]]
 for name in ["iferror.m4", "all_interfaces.conf"] + tmpfiles:
     try:
-        os.remove(os.path.join(sys.argv[5], name))
+        os.remove(os.path.join(tmpdir, name))
     except Exception:
         pass
=20
 # tmp/all_interfaces.conf
 # echo "ifdef(\`__if_error',\`m4exit(1)')" > $5/iferror.m4
-with open(os.path.join(sys.argv[5], "iferror.m4"), "w") as file:
+with open(os.path.join(tmpdir, "iferror.m4"), "w") as file:
     file.write("ifdef(`__if_error',`m4exit(1)')\n")
=20
 # echo "divert(-1)" > $5/all_interfaces.conf
-with open(os.path.join(sys.argv[5], "all_interfaces.conf"), "w") as int_fi=
le:
+with open(os.path.join(tmpdir, "all_interfaces.conf"), "w") as int_file:
     int_file.write("divert(-1)\n")
=20
 # m4 $M4SUPPORT $HEADER_INTERFACES $2 $5/iferror.m4
 #   | sed -e s/dollarsstar/\$\$\*/g >> $5/all_interfaces.conf
 m4_run =3D subprocess.run(r"m4 {} | sed -e s/dollarsstar/\$\$\*/g >> {}".f=
ormat(
-                        " ".join([*m4support, *header_interfaces, sys.argv=
[2],
-                                  os.path.join(sys.argv[5], "iferror.m4")]=
),
-                        os.path.join(sys.argv[5], "all_interfaces.conf")),
+                        " ".join([*m4support, *header_interfaces, policy_i=
f,
+                                  os.path.join(tmpdir, "iferror.m4")]),
+                        os.path.join(tmpdir, "all_interfaces.conf")),
                         shell=3DTrue, check=3DTrue, stderr=3Dsubprocess.PI=
PE,
                         universal_newlines=3DTrue)
=20
@@ -98,40 +105,40 @@ for line in m4_run.stderr.split('\n'):
         print(line, file=3Dsys.stderr)
=20
 # doesn't work properly without "shell=3DTrue"
-#    m4_process =3D Popen(["m4", *m4support, *header_interfaces, sys.argv[=
2],
-#                        os.path.join(sys.argv[5], "iferror.m4")],
+#    m4_process =3D Popen(["m4", *m4support, *header_interfaces, policy_if,
+#                        os.path.join(tmpdir, "iferror.m4")],
 #                       stdout=3DPIPE, stderr=3DPIPE)
 #    sed_process =3D Popen(["sed", "-e", "s/dollarsstar/\$\$\*/g"],
 #                        stdin=3Dm4_process.stdout, stdout=3Dint_file)
 #    outs, errs =3D m4_process.communicate()
=20
 # echo "divert" >> $5/all_interfaces.conf
-with open(os.path.join(sys.argv[5], "all_interfaces.conf"), "a") as file:
+with open(os.path.join(tmpdir, "all_interfaces.conf"), "a") as file:
     file.write("divert\n")
=20
 # tmp/%.mod
 # m4 $M4PARAM -s $M4SUPPORT $5/all_interfaces.conf $1 > $5/$MODULE_NAME.tmp
-with open(os.path.join(sys.argv[5], "{}.tmp".format(module_name)),
+with open(os.path.join(tmpdir, "{}.tmp".format(module_name)),
           "w") as tmp_file:
     subprocess.run(["m4", *m4param, "-s", *m4support,
-                    os.path.join(sys.argv[5], "all_interfaces.conf"),
-                    sys.argv[1]], stdout=3Dtmp_file, check=3DTrue)
+                    os.path.join(tmpdir, "all_interfaces.conf"),
+                    policy_te], stdout=3Dtmp_file, check=3DTrue)
=20
 # checkmodule -M -m $5/$MODULE_NAME.tmp -o $5/$MODULE_NAME.mod
 subprocess.run([checkmod_path,
                 "-M",
                 "-m",
-                os.path.join(sys.argv[5], "{}.tmp".format(module_name)),
+                os.path.join(tmpdir, "{}.tmp".format(module_name)),
                 "-o",
-                os.path.join(sys.argv[5], "{}.mod".format(module_name))],
+                os.path.join(tmpdir, "{}.mod".format(module_name))],
                check=3DTrue)
=20
=20
 # tmp/%.mod.fc
 # m4 $M4PARAM $M4SUPPORT $3 > $5/$MODULE_NAME.mod.fc
-with open(os.path.join(sys.argv[5],
+with open(os.path.join(tmpdir,
                        "{}.mod.fc".format(module_name)), "w") as mod_fc_fi=
le:
-    subprocess.run(["m4", *m4param, *m4support, sys.argv[3]],
+    subprocess.run(["m4", *m4param, *m4support, policy_fc],
                    stdout=3Dmod_fc_file, check=3DTrue)
=20
 # %.pp
@@ -139,9 +146,9 @@ with open(os.path.join(sys.argv[5],
 #   -f $5/$MODULE_NAME.mod.fc
 subprocess.run([semod_path,
                 "-o",
-                sys.argv[4],
+                policy_mod,
                 "-m",
-                os.path.join(sys.argv[5], "{}.mod".format(module_name)),
+                os.path.join(tmpdir, "{}.mod".format(module_name)),
                 "-f",
-                os.path.join(sys.argv[5], "{}.mod.fc".format(module_name))=
],
+                os.path.join(tmpdir, "{}.mod.fc".format(module_name))],
                check=3DTrue)
--=20
2.31.1