libselinux: Rewrite restorecon() python method

When the restorecon method was added to the libselinux swig python
bindings, there was no libselinux restorecon implementation, so it
had to call matchpathcon(), which is deprecated in favor of
selabel_lookup().

The new restorecon method uses selinux_restorecon method from libselinux
and which is exported by the previous commit.

https://github.com/SELinuxProject/selinux/issues/29

Fixes:
>>> selinux.restorecon('/var/lib', recursive=True)
Traceback (most recent call last):
  File "/usr/lib64/python3.5/site-packages/selinux/__init__.py", line 114, in restorecon
    status, context = matchpathcon(path, mode)
FileNotFoundError: [Errno 2] No such file or directory

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
Petr Lautrbach 2016-12-22 13:43:09 +01:00 committed by Stephen Smalley
parent 0399ec6438
commit 14f07097c3


@ -19,31 +19,23 @@ DISABLED = -1
PERMISSIVE = 0
ENFORCING = 1
def restorecon(path, recursive=False):
""" Restore SELinux context on a given path """
def restorecon(path, recursive=False, verbose=False):
""" Restore SELinux context on a given path
try:
mode = os.lstat(path)[stat.ST_MODE]
status, context = matchpathcon(path, mode)
except OSError:
path = os.path.realpath(os.path.expanduser(path))
mode = os.lstat(path)[stat.ST_MODE]
status, context = matchpathcon(path, mode)
Arguments:
path -- The pathname for the file or directory to be relabeled.
if status == 0:
try:
status, oldcontext = lgetfilecon(path)
except OSError as e:
if e.errno != errno.ENODATA:
raise
oldcontext = None
if context != oldcontext:
lsetfilecon(path, context)
Keyword arguments:
recursive -- Change files and directories file labels recursively (default False)
verbose -- Show changes in file labels (default False)
"""
if recursive:
for root, dirs, files in os.walk(path):
for name in files + dirs:
restorecon(os.path.join(root, name))
restorecon_flags = SELINUX_RESTORECON_IGNORE_DIGEST | SELINUX_RESTORECON_REALPATH
if recursive:
restorecon_flags |= SELINUX_RESTORECON_RECURSE
if verbose:
restorecon_flags |= SELINUX_RESTORECON_VERBOSE
selinux_restorecon(os.path.expanduser(path), restorecon_flags)
def chcon(path, context, recursive=False):
""" Set the SELinux context on a given path """
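Review bot: The result of `selinux_restorecon(os.path.expanduser(path), restorecon_flags)` on the last line of the new `restorecon` is neither checked nor returned, and the docstring does not say how a failed relabel is reported. If the SWIG layer already turns a negative return into `OSError` (not visible in this hunk), add a line such as `Raises OSError if the path cannot be resolved or relabeled.` to the docstring; otherwise test the status and raise, because a silent failure leaves files with a stale label while the caller assumes the policy default was applied. The docstring should also state that `path` is user-expanded and then canonicalized through `SELINUX_RESTORECON_REALPATH` before relabeling, and that a recursive run which fails part-way may leave the tree only partially relabeled (presumably; confirm against libselinux).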