From 4b8397a510c4ff6f903e98bef50d350410f41451 Mon Sep 17 00:00:00 2001 From: Scott Moser Date: Thu, 24 Jul 2014 19:41:10 -0400 Subject: SeLinuxGuard: remove invalid check for sanity around restorecon, fix test previous commit occurred because the selinux test was failing in a schroot where there was no /etc/hosts. Now, fix that test more correctly, and fix some bad assumptions in the SeLinuxGuard. --- ChangeLog | 1 + cloudinit/util.py | 34 +++++++++++++++++----------------- tests/unittests/test_util.py | 18 ++++++++---------- 3 files changed, 26 insertions(+), 27 deletions(-) diff --git a/ChangeLog b/ChangeLog index 728b54b5..d52dfa47 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,7 @@ [Dimitri John Ledkov] - change trunk debian packaging to use pybuild and drop cdbs. [Dimitri John Ledkov] + - SeLinuxGuard: remove invalid check that looked for stat.st_mode in os.lstat. 0.7.5: - open 0.7.5 - Add a debug log message around import failures diff --git a/cloudinit/util.py b/cloudinit/util.py index 06039ee2..bc681f4a 100644 --- a/cloudinit/util.py +++ b/cloudinit/util.py @@ -146,23 +146,23 @@ class SeLinuxGuard(object): return False def __exit__(self, excp_type, excp_value, excp_traceback): - if self.selinux and self.selinux.is_selinux_enabled(): - path = os.path.realpath(os.path.expanduser(self.path)) - # path should be a string, not unicode - path = str(path) - do_restore = False - try: - # See if even worth restoring?? - stats = os.lstat(path) - if stat.ST_MODE in stats: - self.selinux.matchpathcon(path, stats[stat.ST_MODE]) - do_restore = True - except OSError: - pass - if do_restore: - LOG.debug("Restoring selinux mode for %s (recursive=%s)", - path, self.recursive) - self.selinux.restorecon(path, recursive=self.recursive) + if not self.selinux or not self.selinux.is_selinux_enabled(): + return + if not os.path.lexists(self.path): + return + + path = os.path.realpath(self.path) + # path should be a string, not unicode + path = str(path) + try: + stats = os.lstat(path) + self.selinux.matchpathcon(path, stats[stat.ST_MODE]) + except OSError: + return + + LOG.debug("Restoring selinux mode for %s (recursive=%s)", + path, self.recursive) + self.selinux.restorecon(path, recursive=self.recursive) class MountFailedError(Exception): diff --git a/tests/unittests/test_util.py b/tests/unittests/test_util.py index 618a317d..0cb41520 100644 --- a/tests/unittests/test_util.py +++ b/tests/unittests/test_util.py @@ -12,12 +12,6 @@ from cloudinit import importer from cloudinit import util -try: - import selinux - HAS_SELINUX = True -except ImportError: - HAS_SELINUX = False - class FakeSelinux(object): def __init__(self, match_what): @@ -128,19 +122,23 @@ class TestWriteFile(MockerTestCase): create_contents = f.read() self.assertEqual("LINE1\nHey there", create_contents) - @unittest.skipIf(not HAS_SELINUX, "selinux not available") def test_restorecon_if_possible_is_called(self): """Make sure the selinux guard is called correctly.""" + my_file = os.path.join(self.tmp, "my_file") + with open(my_file, "w") as fp: + fp.write("My Content") + import_mock = self.mocker.replace(importer.import_module, passthrough=False) import_mock('selinux') - fake_se = FakeSelinux('/etc/hosts') + + fake_se = FakeSelinux(my_file) self.mocker.result(fake_se) self.mocker.replay() - with util.SeLinuxGuard("/etc/hosts") as is_on: + with util.SeLinuxGuard(my_file) as is_on: self.assertTrue(is_on) self.assertEqual(1, len(fake_se.restored)) - self.assertEqual('/etc/hosts', fake_se.restored[0]) + self.assertEqual(my_file, fake_se.restored[0]) class TestDeleteDirContents(MockerTestCase): -- cgit v1.2.3