From 06289974f8c856a0d1bf981779545d440655ac68 Mon Sep 17 00:00:00 2001 From: Yi Zhao Date: Thu, 26 Sep 2024 19:28:47 +0800 Subject: [PATCH] selinux-python: fix sepolicy runtime error For some distributions (e.g. Yocto) that do not provide system-release/distribution-release file, libdnf can not get releasever variable, causing conf.substitutions['releasever'] to not be set. This will cause 'sepolicy generate' command to fail with the following error on these distributions: $ sepolicy generate --init /usr/local/bin/foo Traceback (most recent call last): File "/usr/bin/sepolicy", line 702, in args.func(args) File "/usr/bin/sepolicy", line 569, in generate mypolicy.gen_writeable() File "/usr/lib/python3.12/site-packages/sepolicy/generate.py", line 1302, in gen_writeable self.__extract_rpms() File "/usr/lib/python3.12/site-packages/sepolicy/generate.py", line 1268, in __extract_rpms base.read_all_repos() File "/usr/lib/python3.12/site-packages/dnf/base.py", line 554, in read_all_repos for repo in reader: ^^^^^^ File "/usr/lib/python3.12/site-packages/dnf/conf/read.py", line 42, in __iter__ for r in self._get_repos(self.conf.config_file_path): ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3.12/site-packages/dnf/conf/read.py", line 109, in _get_repos parser.setSubstitutions(substs) File "/usr/lib/python3.12/site-packages/libdnf/conf.py", line 1643, in setSubstitutions return _conf.ConfigParser_setSubstitutions(self, substitutions) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ TypeError: in method 'ConfigParser_setSubstitutions', argument 2 of type 'std::map< std::string,std::string,std::less< std::string >,std::allocator< std::pair< std::string const,std::string > > > const &' Set conf.substitutions['releasever'] to empty str if releasever is None. Signed-off-by: Yi Zhao 
Signed-off-by: Joe MacDonald
---
...f.substitutions-releasever-to-empty-.patch | 61 +++++++++++++++++++
.../selinux/selinux-python_3.7.bb | 1 +
2 files changed, 62 insertions(+)
create mode 100644 recipes-security/selinux/selinux-python/0001-sepolicy-set-conf.substitutions-releasever-to-empty-.patch
diff --git a/recipes-security/selinux/selinux-python/0001-sepolicy-set-conf.substitutions-releasever-to-empty-.patch b/recipes-security/selinux/selinux-python/0001-sepolicy-set-conf.substitutions-releasever-to-empty-.patch
new file mode 100644
index 0000000..5c744d7
--- /dev/null
+++ b/recipes-security/selinux/selinux-python/0001-sepolicy-set-conf.substitutions-releasever-to-empty-.patch
@@ -0,0 +1,61 @@
+From 70187651a2239d5d8d70130e82c6f108eee77aa1 Mon Sep 17 00:00:00 2001
+From: Yi Zhao
+Date: Tue, 24 Sep 2024 14:07:41 +0800
+Subject: [PATCH] sepolicy: set conf.substitutions['releasever'] to empty str
+ when releasever is None
+
+For some distributions (e.g. Yocto) that do not provide
+system-release/distribution-release file, libdnf can not get releasever
+variable, causing conf.substitutions['releasever'] to not be set.
+This will cause 'sepolicy generate' command to fail with the following
+error on these distributions:
+
+$ sepolicy generate --init /usr/local/bin/foo
+Traceback (most recent call last):
+ File "/usr/bin/sepolicy", line 702, in
+ args.func(args)
+ File "/usr/bin/sepolicy", line 569, in generate
+ mypolicy.gen_writeable()
+ File "/usr/lib/python3.12/site-packages/sepolicy/generate.py", line 1302, in gen_writeable
+ self.__extract_rpms()
+ File "/usr/lib/python3.12/site-packages/sepolicy/generate.py", line 1268, in __extract_rpms
+ base.read_all_repos()
+ File "/usr/lib/python3.12/site-packages/dnf/base.py", line 554, in read_all_repos
+ for repo in reader:
+ ^^^^^^
+ File "/usr/lib/python3.12/site-packages/dnf/conf/read.py", line 42, in __iter__
+ for r in self._get_repos(self.conf.config_file_path):
+ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+ File "/usr/lib/python3.12/site-packages/dnf/conf/read.py", line 109, in _get_repos
+ parser.setSubstitutions(substs)
+ File "/usr/lib/python3.12/site-packages/libdnf/conf.py", line 1643, in setSubstitutions
+ return _conf.ConfigParser_setSubstitutions(self, substitutions)
+ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+TypeError: in method 'ConfigParser_setSubstitutions', argument 2 of type 'std::map< std::string,std::string,std::less< std::string >,std::allocator< std::pair< std::string const,std::string > > > const &'
+
+Set conf.substitutions['releasever'] to empty str if releasever is None.
+
+Upstream-Status: Submitted [https://github.com/SELinuxProject/selinux/pull/444]
+
+Signed-off-by: Yi Zhao
+---
+ sepolicy/sepolicy/generate.py | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/sepolicy/sepolicy/generate.py b/sepolicy/sepolicy/generate.py
+index adf65f2..56923dc 100644
+--- a/sepolicy/sepolicy/generate.py
++++ b/sepolicy/sepolicy/generate.py
+@@ -1265,6 +1265,9 @@ allow %s_t %s_t:%s_socket name_%s;
+ import dnf
+
+ with dnf.Base() as base:
++ if base.conf.substitutions.get('releasever') is None:
++ base.conf.substitutions['releasever'] = ''
++
+ base.read_all_repos()
+ base.fill_sack(load_system_repo=True)
+
+--
+2.25.1
+
diff --git a/recipes-security/selinux/selinux-python_3.7.bb b/recipes-security/selinux/selinux-python_3.7.bb
index faf5d28..e2dc932 100644
--- a/recipes-security/selinux/selinux-python_3.7.bb
+++ b/recipes-security/selinux/selinux-python_3.7.bb
@@ -11,6 +11,7 @@ require selinux_common.inc inherit python3targetconfig SRC_URI += "file://fix-sepolicy-install-path.patch \ + file://0001-sepolicy-set-conf.substitutions-releasever-to-empty-.patch \ " S = "${WORKDIR}/git/python"
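Review bot: The fallback added in the embedded generate.py hunk (`if base.conf.substitutions.get('releasever') is None:`) carries no comment explaining the empty string, and an empty `releasever` presumably makes any `$releasever` in repo definitions expand to nothing, so `read_all_repos()` and `fill_sack()` may load no usable remote metadata without reporting it. I would add `# libdnf found no releasever (no system-release file); setSubstitutions() rejects None, so fall back to ''` above the check. The package data gathered here appears to feed the generated SELinux policy via `gen_writeable()`, so it is worth confirming on a Yocto target that the resulting policy is not silently missing file entries. The enclosing function (`__extract_rpms` per the traceback) starts and ends outside the hunk, so any existing error handling is not visible here.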