When attempting to run:

  libvirt.git/_build # ./run --selinux ./src/libvirtd

the following error is thrown:

  Refusing to change selinux context of file './src/libvirtd' outside build directory

which is obviously wrong. The problem is that 'being inside of the build
directory' is detected by a simple progpath.startswith(builddir).
While builddir is an absolute path, progpath isn't necessarily.
And while looking into the code, I've noticed the chcon() function
accessing a variable outside its scope when printing out the path
it's working on.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
v2 of:
https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/UZ...
diff to v1:
- error out if binary to run can't be identified (i.e. 'which' returns
None).
run.in | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/run.in b/run.in
index 5b89b3dcd5..cada74dfcd 100644
--- a/run.in
+++ b/run.in
@@ -138,7 +138,7 @@ def change_unit(name, action):
def chcon(path, user, role, type):
- print("Setting file context of {} to u={}, r={},
t={}...".format(progpath,
+ print("Setting file context of {} to u={}, r={}, t={}...".format(path,
user,
role,
type))
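Review bot: The progpath-to-path correction in chcon()'s print call is independent of the absolute-path fix and would be easier to bisect and backport as its own commit, since before it the message reported the global progpath rather than the file actually being relabeled. While touching this function, the parameter named type in "def chcon(path, user, role, type):" shadows the Python builtin; a name such as setype would avoid that.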
@@ -187,6 +187,10 @@ else:
try:
dorestorecon = False
progpath = shutil.which(prog)
+ if not progpath:
+ raise Exception("Can't find executable {}"
+ .format(prog))
+ progpath = os.path.abspath(progpath)
if len(try_stop_units):
print("Temporarily stopping systemd units...")
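Review bot: On the added "progpath = os.path.abspath(progpath)" line, abspath() only normalizes the path and does not resolve symlinks, so the progpath.startswith(builddir) test described in the commit message still accepts a symlink that lives inside the build tree but points elsewhere. A bare prefix match also accepts a sibling directory whose name merely begins with the builddir string. Consider os.path.realpath() on both progpath and builddir, and compare against builddir plus os.sep (or use os.path.commonpath()) so the guard matches only paths that are really inside the build directory.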
You can drop the second (now unreachable) check a few lines later:

    if not progpath:
        raise Exception("Can't find executable {} for selinux labeling"
                        .format(prog))

Reviewed-by: Jiri Denemark <jdenemar(a)redhat.com>