python/semanage: Do not sort local fcontext definitions

Entries in file_contexts.local are processed from the most recent one to the oldest, with first match being used. Therefore it is important to preserve their order when listing (semanage fcontext -lC) and exporting (semanage export). Signed-off-by: Vit Mojzis <[email protected]> Acked-by: James Carter <[email protected]>
SELinuxProject · Mar 4, 2024 · 1a3d589 · 1a3d589
1 parent fc2822a
commit 1a3d589
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 3 deletions.
diff --git a/gui/fcontextPage.py b/gui/fcontextPage.py
@@ -133,7 +133,11 @@ def load(self, filter=""):
  self.fcontext = seobject.fcontextRecords()
  self.store.clear()
  fcon_dict = self.fcontext.get_all(self.local)
- for k in sorted(fcon_dict.keys()):
+ if self.local:
+ fkeys = fcon_dict.keys()
+ else:
+ fkeys = sorted(fcon_dict.keys())
+ for k in fkeys:
  if not self.match(fcon_dict, k, filter):
  continue
  iter = self.store.append()

diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py
@@ -2653,7 +2653,7 @@ def get_all(self, locallist=0):
  def customized(self):
  l = []
  fcon_dict = self.get_all(True)
- for k in sorted(fcon_dict.keys()):
+ for k in fcon_dict.keys():
  if fcon_dict[k]:
  if fcon_dict[k][3]:
  l.append("-a -f %s -t %s -r '%s' '%s'" % (file_type_str_to_option[k[1]], fcon_dict[k][2], fcon_dict[k][3], k[0]))
@@ -2670,7 +2670,12 @@ def list(self, heading=1, locallist=0):
  if len(fcon_dict) != 0:
  if heading:
  print("%-50s %-18s %s\n" % (_("SELinux fcontext"), _("type"), _("Context")))
- for k in sorted(fcon_dict.keys()):
+ # do not sort local customizations since they are evaluated based on the order they where added in
+ if locallist:
+ fkeys = fcon_dict.keys()
+ else:
+ fkeys = sorted(fcon_dict.keys())
+ for k in fkeys:
  if fcon_dict[k]:
  if is_mls_enabled:
  print("%-50s %-18s %s:%s:%s:%s " % (k[0], k[1], fcon_dict[k][0], fcon_dict[k][1], fcon_dict[k][2], translate(fcon_dict[k][3], False)))