utils: SELinux file context #101
Conversation
pytest_mh/utils/fs.py
Outdated
| @@ -230,6 +231,23 @@ def exists(self, path: str) -> bool: | |||
|
|
|||
| return False | |||
|
|
|||
| def selinux_context(self, path: str) -> SELinuxContext | None: | |||
There was a problem hiding this comment.
If this can be None, we will always need to run two asserts otherwise static analysis will be sad:
assert x in not None, "Could not detect selinux context"
assert x.type == "foo_t", "Context does not match"
I would rather see the object of the type SELinuxContext that has "bogus values" that You can just directly compare instead.
There was a problem hiding this comment.
| def selinux_context(self, path: str) -> SELinuxContext | None: | |
| def selinux_context(self, path: str) -> SELinuxContext: |
There was a problem hiding this comment.
Returning both SELinuxContext or None is generally preferred in Python for its clarity and flexibility in handling the potential absence of a value. It could happen that the command didn't run successfully and we don't get any SELinux context, thus checking for it is the only way of getting the proper verbosity output in the logs. I could also return an exception, but that wouldn't be as clear as None.
pytest_mh/utils/selinux.py
Outdated
| else: | ||
| return None | ||
| else: | ||
| return None |
There was a problem hiding this comment.
| else: | |
| return None | |
| else: | |
| return None | |
| return cls("Not found","Not found","Not found","Not found","Not found") |
pytest_mh/utils/fs.py
Outdated
| if result.rc != 0: | ||
| return None | ||
|
|
There was a problem hiding this comment.
| if result.rc != 0: | |
| return None |
ikerexxe
force-pushed
the
selinux-context
branch
2 times, most recently
from
244f636 to
5c5da56
Compare
|
How is this going to be used? |
|
This will be used by shadow project to check the correct labeling of SELinux files. More specifically the issue that triggered this development is shadow-maint/shadow#940. I thought this might be useful for other projects that use pytest-mh and its file processing utilities, and that's why I decided to implement it in pytest-mh instead of in the shadow test framework. |
|
I'm fine with that, but apart from checking SELinux file context labels I wouldn't like to implement anything else for now. Would you be okay with such a simple class? |
Yes, at least we will have a placeholder for more selinux code in the future. |
It's very simple but it's done. |
Implement SELinux and SELinux file context classes to check the SELinux context of a file. Signed-off-by: Iker Pedrosa <[email protected]>
Implement SELinux file context class and LinuxFileSystem method.