Bug #286497 - Make setexec() warn/nonfatal in permissive mode. Thanks to

author Zac Medico <zmedico@gentoo.org>

Thu, 17 Dec 2009 02:20:58 +0000 (02:20 -0000)

committer Zac Medico <zmedico@gentoo.org>

Thu, 17 Dec 2009 02:20:58 +0000 (02:20 -0000)
author Zac Medico <zmedico@gentoo.org>
Thu, 17 Dec 2009 02:20:58 +0000 (02:20 -0000)
committer Zac Medico <zmedico@gentoo.org>
Thu, 17 Dec 2009 02:20:58 +0000 (02:20 -0000)
diff --git a/pym/portage/_selinux.py b/pym/portage/_selinux.py

index d013fa969e39b7404e18a5ecd7a27a906f2eda4e..5367afc9c11166d3e701ade401ae4710ad4a5822 100644 (file)
--- a/pym/portage/_selinux.py
+++ b/pym/portage/_selinux.py
@@ -8,8 +8,10 @@ import os
  import shutil
  
  from portage import _encodings
+from portage import _unicode_decode
  from portage import _unicode_encode
  from portage.localization import _
+from portage.util import writemsg
  
  import selinux
  from selinux import is_selinux_enabled
@@ -70,7 +72,14 @@ def settype(newtype):
  def setexec(ctx="\n"):
         ctx = _unicode_encode(ctx, encoding=_encodings['content'], errors='strict')
         if selinux.setexeccon(ctx) < 0:
-               raise OSError(_("setexec: Failed setting exec() context \"%s\".") % ctx)
+               ctx = _unicode_decode(ctx, encoding=_encodings['content'],
+                       errors='replace')
+               if selinux.security_getenforce() == 1:
+                       raise OSError(_("Failed setting exec() context \"%s\".") % ctx)
+               else:
+                       writemsg("!!! " + \
+                               _("Failed setting exec() context \"%s\".") % ctx, \
+                               noiselevel=-1)
  
  def setfscreate(ctx="\n"):
         ctx = _unicode_encode(ctx,
author	Zac Medico <zmedico@gentoo.org>
	Thu, 17 Dec 2009 02:20:58 +0000 (02:20 -0000)
committer	Zac Medico <zmedico@gentoo.org>
	Thu, 17 Dec 2009 02:20:58 +0000 (02:20 -0000)