libs/utils: Handle 'Disabled' SELinux with non-android userspaces

Darryl Green requested to merge github/fork/credp/executor_selinux_change into master

Created by: credp

On my Juno running Debian Jessie userspace, I have a problem with the selinux handling code in executor.py. I have selinux infrastructure, but none of it is enabled.

When you call getenforce, the value is 'Disabled' and return code 0. This causes us to set self._old_selinux_mode to 'Disabled' and proceed to call 'setenforce 0', which returns 'setenforce: SELinux is disabled' with return code 1 - which is correctly raised as a TargetError by target.execute. We can't restore the disabled mode either; setenforce always returns an error code.

    setenforce 0 ; echo $?
    setenforce: SELinux is disabled
    1
    setenforce 1 ; echo $?
    setenforce: SELinux is disabled
    1

Since what we're after is to have selinux in permissive mode, instead take account of the 'Disabled' _old_selinux_mode to also make no change to selinux mode, just like we do if getenforce doesn't exist.

Signed-off-by: Chris Redpath <chris.redpath@arm.com>
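
The save/restore behaviour described above, as an added sketch that is not the project's executor.py code: SELinux is switched to permissive only when it was enforcing, and left untouched when getenforce is missing or reports 'Disabled'. `FakeTarget`, `selinux_permissive`, `run_with` and the local `TargetError` are hypothetical stand-ins built for this example.

```python
import contextlib

class TargetError(Exception):
    """Stand-in for the error target.execute raises on a non-zero return code."""

class FakeTarget:
    """Constructed device stand-in; mode None means getenforce is not installed."""
    def __init__(self, mode):
        self.mode = mode
        self.calls = []

    def execute(self, cmd):
        self.calls.append(cmd)
        if self.mode is None:
            raise TargetError('{}: not found'.format(cmd.split()[0]))
        if cmd == 'getenforce':
            return self.mode + '\n'
        if self.mode == 'Disabled':
            # setenforce fails with return code 1 whenever SELinux is disabled
            raise TargetError('setenforce: SELinux is disabled')
        self.mode = 'Enforcing' if cmd == 'setenforce 1' else 'Permissive'
        return ''

@contextlib.contextmanager
def selinux_permissive(target):
    """Run the body with SELinux permissive, then restore the previous mode."""
    try:
        old_mode = target.execute('getenforce').strip()
    except TargetError:
        old_mode = None  # no getenforce on the target: leave SELinux alone
    # 'Disabled' cannot be changed or restored with setenforce, and
    # 'Permissive' needs no change, so only 'Enforcing' is touched.
    change = old_mode == 'Enforcing'
    if change:
        target.execute('setenforce 0')
    try:
        yield old_mode
    finally:
        if change:
            target.execute('setenforce 1')

def run_with(mode):
    """Return (mode seen inside the body, final mode, commands issued)."""
    target = FakeTarget(mode)
    with selinux_permissive(target):
        inside = target.mode
    return inside, target.mode, target.calls
```
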