When attempting to run:
libvirt.git/_build # ./run --selinux ./src/libvirtd
the following error is thrown:
Refusing to change selinux context of file './src/libvirtd' outside build directory
which is obviously wrong. The problem is 'being inside of build
directory' is detected by simple progpath.startswith(builddir).
While builddir is an absolute path, progpath isn't necessarily.
And while looking into the code, I've noticed chcon() function
accessing variable outside its scope when printing out the path
it's working on.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
v2 of:
https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/UZ6F7MWEJBUMUUBODXGAXQW4NY2UEEVF/
diff to v1:
- error out if binary to run can't be identified (i.e. 'which' returns
None).
run.in | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/run.in b/run.in
index 5b89b3dcd5..cada74dfcd 100644
--- a/run.in
+++ b/run.in
@@ -138,7 +138,7 @@ def change_unit(name, action):
def chcon(path, user, role, type):
- print("Setting file context of {} to u={}, r={}, t={}...".format(progpath,
+ print("Setting file context of {} to u={}, r={}, t={}...".format(path,
user,
role,
type))
@@ -187,6 +187,10 @@ else:
try:
dorestorecon = False
progpath = shutil.which(prog)
+ if not progpath:
+ raise Exception("Can't find executable {}"
+ .format(prog))
+ progpath = os.path.abspath(progpath)
if len(try_stop_units):
print("Temporarily stopping systemd units...")
--
2.44.1On Tue, May 28, 2024 at 10:49:34 +0200, Michal Privoznik wrote:
> When attempting to run:
>
> libvirt.git/_build # ./run --selinux ./src/libvirtd
>
> the following error is thrown:
>
> Refusing to change selinux context of file './src/libvirtd' outside build directory
>
> which is obviously wrong. The problem is 'being inside of build
> directory' is detected by simple progpath.startswith(builddir).
> While builddir is an absolute path, progpath isn't necessarily.
>
> And while looking into the code, I've noticed chcon() function
> accessing variable outside its scope when printing out the path
> it's working on.
>
> Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
> ---
>
> v2 of:
>
> https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/UZ6F7MWEJBUMUUBODXGAXQW4NY2UEEVF/
>
> diff to v1:
> - error out if binary to run can't be identified (i.e. 'which' returns
> None).
>
> run.in | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/run.in b/run.in
> index 5b89b3dcd5..cada74dfcd 100644
> --- a/run.in
> +++ b/run.in
> @@ -138,7 +138,7 @@ def change_unit(name, action):
>
>
> def chcon(path, user, role, type):
> - print("Setting file context of {} to u={}, r={}, t={}...".format(progpath,
> + print("Setting file context of {} to u={}, r={}, t={}...".format(path,
> user,
> role,
> type))
> @@ -187,6 +187,10 @@ else:
> try:
> dorestorecon = False
> progpath = shutil.which(prog)
> + if not progpath:
> + raise Exception("Can't find executable {}"
> + .format(prog))
> + progpath = os.path.abspath(progpath)
> if len(try_stop_units):
> print("Temporarily stopping systemd units...")
You can drop the second (now unreachable) check a few lines later:
if not progpath:
raise Exception("Can't find executable {} for selinux labeling"
.format(prog))
Reviewed-by: Jiri Denemark <jdenemar@redhat.com>
© 2016 - 2024 Red Hat, Inc.