[BUG] SELinux module fcontext_get_policy fails when sel_level specified #61778
Comments
On some systems, command "semanage fcontext -l" suffixes all lines with a single trailing whitespace. This causes selinux.fcontext_get_policy to fail to find policies if sel_level optional argument is provided. This change modifies the regexp used to match lines to handle 0 or 1 empty spaces at the end of the line. Fixes saltstack#61778
I have a work-in-progress fix at b06be84; just needs a small tweak to the regexp. However, it's lacking a good way to test the bug and the fix.
Adding as a note, same for |
Description
If optional sel_level argument is given to selinux.fcontext_get_policy_name, it fails to find the policy.
For example, take this policy:
If we then add argument sel_level=s0, no policy is returned:
Steps to Reproduce the behavior
Simply call selinux.fcontext_get_policy with sel_level argument provided.
Expected behavior
The matching policy is returned.
Versions Report
salt --versions-report
(Provided by running salt --versions-report. Please also mention any differences in master/minion versions.)
Additional context
It appears this is because semanage fcontext -l command always (at least on CentOS 7, which is the only system I have tested) appends an extra whitespace to the end:
Notice the final hex 73 30 20 0a which maps to s 0 <space> <newline>
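The failure mode reported above can be reproduced offline. The following is an added example, not code from Salt or from the issue: build_pattern and find_policy are hypothetical helpers, the sample output is constructed, and the wildcard used when no level is given is assumed to match any non-colon character (which is why the trailing space only breaks matching once sel_level is pinned).

```python
import re

# Constructed sample of `semanage fcontext -l` output (not from the issue).
# The second entry ends in the single trailing space the issue describes.
SAMPLE_OUTPUT = (
    "/srv/data(/.*)?    all files    system_u:object_r:httpd_sys_content_t:s0\n"
    "/srv/app(/.*)?     all files    system_u:object_r:httpd_sys_content_t:s0 \n"
)

FIELD = r"[^:\s]+"    # one colon-separated context field
ANY_LEVEL = r"[^:]+"  # assumed wildcard for an unspecified level; also matches a space


def build_pattern(name, sel_level=None, tolerate_trailing_space=True):
    """Build an anchored regex for one policy line (hypothetical helper)."""
    level = re.escape(sel_level) if sel_level else ANY_LEVEL
    # Strict form anchors right after the level; tolerant form allows 0 or 1 space.
    tail = r"[ ]?$" if tolerate_trailing_space else r"$"
    return re.compile(
        r"^(?P<filespec>" + re.escape(name) + r")[ ]+"
        r"(?P<filetype>[a-z]+(?: [a-z]+)*)[ ]+"
        r"(?P<sel_user>" + FIELD + r"):(?P<sel_role>" + FIELD + r"):"
        r"(?P<sel_type>" + FIELD + r"):(?P<sel_level>" + level + r")" + tail
    )


def find_policy(output, name, sel_level=None, tolerate_trailing_space=True):
    """Return the first matching policy as a dict of stripped fields, or None."""
    pattern = build_pattern(name, sel_level, tolerate_trailing_space)
    for line in output.splitlines():
        match = pattern.match(line)
        if match:
            return {key: value.strip() for key, value in match.groupdict().items()}
    return None


if __name__ == "__main__":
    name = "/srv/app(/.*)?"
    # Wildcard level absorbs the trailing space, so the strict anchor still matches.
    print(find_policy(SAMPLE_OUTPUT, name, tolerate_trailing_space=False))
    # Pinned level plus strict anchor: the trailing space defeats the match.
    print(find_policy(SAMPLE_OUTPUT, name, "s0", tolerate_trailing_space=False))
    # Pinned level with the optional trailing space: the policy is found again.
    print(find_policy(SAMPLE_OUTPUT, name, "s0"))
```

A regression test for the fix can feed both sample lines (with and without the trailing space) through the matcher, which avoids needing a host whose semanage build emits the extra space.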