package/selinux-python/0001-python-sepolgen-fix-ausearch-path.patch - buildroot - Git at Google

 From 8610efc1610a4e9d4cbfa19ed4a519a6425aee70 Mon Sep 17 00:00:00 2001
 From: "Yann E. MORIN" <yann.morin.1998@free.fr>
 Date: Tue, 9 May 2023 22:28:36 +0200
 Subject: [PATCH] python?sepolgen: fix ausearch path

 ausearch is not always isntalled in /sbin; some systems install it in
 /usr/sbin, or it can also be locally installed in /usr/local/sbin.

 The python doc [0] suggests using shutil.which() to find the path where
 a command is. which() returns None if the command is not found. If
 ausearch is not found, that would result in an exception being raised by
 Popen():
     TypeError: expected str, bytes or os.PathLike object, not NoneType

 This is not very informative of what actually failed...

 However, the doc suggests so for portability. In our case, the python
 tools are only ever going to run on a Linux host (by their virtue of
 dealing with SELinux), so the search will be reliably done by looking in
 PATH, so we can let Popen() bubble the resolving of an unqualified
 command, down to execvpe() (or the similar actual syscall of the exec*()
 familly). If ausearch is then not found, Popen() raises an exception
 that is wy more informative then:
     FileNotFoundError: [Errno 2] No such file or directory: 'ausearch'

 [0] https://docs.python.org/3/library/subprocess.html#subprocess.Popen

 Signed-off-by: Adam Duskett <aduskett@gmail.com>
 [yann.morin.1998@free.fr:
   - let Popen() resolve from PATH
   - rewrite commit log
 ]
 Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
 Upstream: not submitted
 ---
  python/sepolgen/src/sepolgen/audit.py | 4 ++--
  1 file changed, 2 insertions(+), 2 deletions(-)

 diff --git a/python/sepolgen/src/sepolgen/audit.py b/python/sepolgen/src/sepolgen/audit.py
 index 4adb851f..5eafa587 100644
 --- a/sepolgen/src/sepolgen/audit.py
 +++ b/sepolgen/src/sepolgen/audit.py
 @@ -41,7 +41,7 @@ def get_audit_boot_msgs():
      s = time.localtime(time.time() - off)
      bootdate = time.strftime("%x", s)
      boottime = time.strftime("%X", s)
 -    output = subprocess.Popen(["/sbin/ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR", "-ts", bootdate, boottime],
 +    output = subprocess.Popen(["ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR", "-ts", bootdate, boottime],
                                stdout=subprocess.PIPE).communicate()[0]
      if util.PY3:
          output = util.decode_input(output)
 @@ -56,7 +56,7 @@ def get_audit_msgs():
         string contain all of the audit messages returned by ausearch.
      """
      import subprocess
 -    output = subprocess.Popen(["/sbin/ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR"],
 +    output = subprocess.Popen(["ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR"],
                                stdout=subprocess.PIPE).communicate()[0]
      if util.PY3:
          output = util.decode_input(output)
 --
 2.25.1
	From 8610efc1610a4e9d4cbfa19ed4a519a6425aee70 Mon Sep 17 00:00:00 2001
	From: "Yann E. MORIN" <yann.morin.1998@free.fr>
	Date: Tue, 9 May 2023 22:28:36 +0200
	Subject: [PATCH] python?sepolgen: fix ausearch path

	ausearch is not always isntalled in /sbin; some systems install it in
	/usr/sbin, or it can also be locally installed in /usr/local/sbin.

	The python doc [0] suggests using shutil.which() to find the path where
	a command is. which() returns None if the command is not found. If
	ausearch is not found, that would result in an exception being raised by
	Popen():
	TypeError: expected str, bytes or os.PathLike object, not NoneType

	This is not very informative of what actually failed...

	However, the doc suggests so for portability. In our case, the python
	tools are only ever going to run on a Linux host (by their virtue of
	dealing with SELinux), so the search will be reliably done by looking in
	PATH, so we can let Popen() bubble the resolving of an unqualified
	command, down to execvpe() (or the similar actual syscall of the exec*()
	familly). If ausearch is then not found, Popen() raises an exception
	that is wy more informative then:
	FileNotFoundError: [Errno 2] No such file or directory: 'ausearch'

	[0] https://docs.python.org/3/library/subprocess.html#subprocess.Popen

	Signed-off-by: Adam Duskett <aduskett@gmail.com>
	[yann.morin.1998@free.fr:
	- let Popen() resolve from PATH
	- rewrite commit log
	]
	Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
	Upstream: not submitted
	---
	python/sepolgen/src/sepolgen/audit.py \| 4 ++--
	1 file changed, 2 insertions(+), 2 deletions(-)

	diff --git a/python/sepolgen/src/sepolgen/audit.py b/python/sepolgen/src/sepolgen/audit.py
	index 4adb851f..5eafa587 100644
	--- a/sepolgen/src/sepolgen/audit.py
	+++ b/sepolgen/src/sepolgen/audit.py
	@@ -41,7 +41,7 @@ def get_audit_boot_msgs():
	s = time.localtime(time.time() - off)
	bootdate = time.strftime("%x", s)
	boottime = time.strftime("%X", s)
	- output = subprocess.Popen(["/sbin/ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR", "-ts", bootdate, boottime],
	+ output = subprocess.Popen(["ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR", "-ts", bootdate, boottime],
	stdout=subprocess.PIPE).communicate()[0]
	if util.PY3:
	output = util.decode_input(output)
	@@ -56,7 +56,7 @@ def get_audit_msgs():
	string contain all of the audit messages returned by ausearch.
	"""
	import subprocess
	- output = subprocess.Popen(["/sbin/ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR"],
	+ output = subprocess.Popen(["ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR"],
	stdout=subprocess.PIPE).communicate()[0]
	if util.PY3:
	output = util.decode_input(output)
	--
	2.25.1