[libvirt PATCH 11/13] scripts: use variables for cli args in selinux helper

Daniel P. Berrangé berrange at redhat.com
Fri Aug 6 17:48:08 UTC 2021


Instead of referencing sys.argv everywhere, use named variables to make
the code easier to understand.

Signed-off-by: Daniel P. Berrangé <berrange at redhat.com>
---
 scripts/selinux-compile-policy.py | 57 +++++++++++++++++--------------
 1 file changed, 32 insertions(+), 25 deletions(-)

diff --git a/scripts/selinux-compile-policy.py b/scripts/selinux-compile-policy.py
index 3890b4e55a..4550f3e7cb 100755
--- a/scripts/selinux-compile-policy.py
+++ b/scripts/selinux-compile-policy.py
@@ -31,20 +31,27 @@ if len(sys.argv) != 10:
           .format(sys.argv[0]), file=sys.stderr)
     exit(os.EX_USAGE)
 
-module_name = os.path.splitext(os.path.basename(sys.argv[1]))[0]
+policy_te = sys.argv[1]
+policy_if = sys.argv[2]
+policy_fc = sys.argv[3]
+policy_mod = sys.argv[4]
+tmpdir = sys.argv[5]
+policy_type = sys.argv[6]
+checkmod_path = sys.argv[7]
+semod_path = sys.argv[8]
+policy_includes = sys.argv[9]
+
+module_name = os.path.splitext(os.path.basename(policy_te))[0]
 
 m4param = ["-D", "distro_redhat", "-D", "hide_broken_symptoms",
            "-D", "mls_num_sens=16", "-D", "mls_num_cats=1024",
            "-D", "mcs_num_cats=1024"]
 
-if sys.argv[6] == "mls":
+if policy_type == "mls":
     m4param = ["-D", "enable_mls"] + m4param
 else:
     m4param = ["-D", "enable_mcs"] + m4param
 
-checkmod_path = sys.argv[7]
-semod_path = sys.argv[8]
-policy_includes = sys.argv[9]
 
 m4support = sorted(glob.glob("{}/support/*.spt".format(policy_includes)))
 header_layers = glob.glob("{}/*/".format(policy_includes))
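Review bot: The new named variables carry no comment tying them to the argument order, while the shell-style comments kept further down the file still refer to `$1`, `$2`, `$3` and `$5`. A one-line comment above the assignments would keep those readable, for example `# argv: 1=policy_te 2=policy_if 3=policy_fc 4=policy_mod 5=tmpdir 6=policy_type 7=checkmod_path 8=semod_path 9=policy_includes`. The `if policy_type == "mls":` branch also deserves a comment such as `# every type other than "mls" is built with enable_mcs`, because a misspelt type silently takes the MCS path. The script's top-level statements start and continue outside this hunk.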
@@ -58,7 +65,7 @@ header_interfaces.sort()
 
 # prepare temp folder
 try:
-    os.makedirs(sys.argv[5])
+    os.makedirs(tmpdir)
 except Exception:
     pass
 
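Review bot: The `except Exception: pass` around `os.makedirs(tmpdir)` swallows every failure, not only "directory already exists". An unwritable or mistyped tmpdir therefore only shows up later, as an error from the first `open()` in it. `os.makedirs(tmpdir, exist_ok=True)` with no try block keeps the tolerated case and lets permission errors surface where they happen. The same pattern wraps `os.remove(os.path.join(tmpdir, name))` in the next hunk, where `except FileNotFoundError:` would be the narrow equivalent.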
@@ -67,25 +74,25 @@ tmpfiles = ["{}.{}".format(module_name, ext)
             for ext in ["mod", "mod.fc", "tmp"]]
 for name in ["iferror.m4", "all_interfaces.conf"] + tmpfiles:
     try:
-        os.remove(os.path.join(sys.argv[5], name))
+        os.remove(os.path.join(tmpdir, name))
     except Exception:
         pass
 
 # tmp/all_interfaces.conf
 # echo "ifdef(\`__if_error',\`m4exit(1)')" > $5/iferror.m4
-with open(os.path.join(sys.argv[5], "iferror.m4"), "w") as file:
+with open(os.path.join(tmpdir, "iferror.m4"), "w") as file:
     file.write("ifdef(`__if_error',`m4exit(1)')\n")
 
 # echo "divert(-1)" > $5/all_interfaces.conf
-with open(os.path.join(sys.argv[5], "all_interfaces.conf"), "w") as int_file:
+with open(os.path.join(tmpdir, "all_interfaces.conf"), "w") as int_file:
     int_file.write("divert(-1)\n")
 
 # m4 $M4SUPPORT $HEADER_INTERFACES $2 $5/iferror.m4
 #   | sed -e s/dollarsstar/\$\$\*/g >> $5/all_interfaces.conf
 m4_run = subprocess.run(r"m4 {} | sed -e s/dollarsstar/\$\$\*/g >> {}".format(
-                        " ".join([*m4support, *header_interfaces, sys.argv[2],
-                                  os.path.join(sys.argv[5], "iferror.m4")]),
-                        os.path.join(sys.argv[5], "all_interfaces.conf")),
+                        " ".join([*m4support, *header_interfaces, policy_if,
+                                  os.path.join(tmpdir, "iferror.m4")]),
+                        os.path.join(tmpdir, "all_interfaces.conf")),
                         shell=True, check=True, stderr=subprocess.PIPE,
                         universal_newlines=True)
 
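Review bot: The m4 pipeline is still built as a single shell string, with `policy_if`, `tmpdir` and the globbed header paths joined by bare spaces and run under `shell=True`. A path containing whitespace or a shell metacharacter is then split or interpreted by the shell instead of reaching m4 as one file name. Quoting each element avoids that: `" ".join(shlex.quote(p) for p in [*m4support, *header_interfaces, policy_if, os.path.join(tmpdir, "iferror.m4")])`, and `shlex.quote(os.path.join(tmpdir, "all_interfaces.conf"))` for the redirect target. This needs `import shlex`, and the file's import block is outside the hunk.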
@@ -98,40 +105,40 @@ for line in m4_run.stderr.split('\n'):
         print(line, file=sys.stderr)
 
 # doesn't work properly without "shell=True"
-#    m4_process = Popen(["m4", *m4support, *header_interfaces, sys.argv[2],
-#                        os.path.join(sys.argv[5], "iferror.m4")],
+#    m4_process = Popen(["m4", *m4support, *header_interfaces, policy_if,
+#                        os.path.join(tmpdir, "iferror.m4")],
 #                       stdout=PIPE, stderr=PIPE)
 #    sed_process = Popen(["sed", "-e", "s/dollarsstar/\$\$\*/g"],
 #                        stdin=m4_process.stdout, stdout=int_file)
 #    outs, errs = m4_process.communicate()
 
 # echo "divert" >> $5/all_interfaces.conf
-with open(os.path.join(sys.argv[5], "all_interfaces.conf"), "a") as file:
+with open(os.path.join(tmpdir, "all_interfaces.conf"), "a") as file:
     file.write("divert\n")
 
 # tmp/%.mod
 # m4 $M4PARAM -s $M4SUPPORT $5/all_interfaces.conf $1 > $5/$MODULE_NAME.tmp
-with open(os.path.join(sys.argv[5], "{}.tmp".format(module_name)),
+with open(os.path.join(tmpdir, "{}.tmp".format(module_name)),
           "w") as tmp_file:
     subprocess.run(["m4", *m4param, "-s", *m4support,
-                    os.path.join(sys.argv[5], "all_interfaces.conf"),
-                    sys.argv[1]], stdout=tmp_file, check=True)
+                    os.path.join(tmpdir, "all_interfaces.conf"),
+                    policy_te], stdout=tmp_file, check=True)
 
 # checkmodule -M -m $5/$MODULE_NAME.tmp -o $5/$MODULE_NAME.mod
 subprocess.run([checkmod_path,
                 "-M",
                 "-m",
-                os.path.join(sys.argv[5], "{}.tmp".format(module_name)),
+                os.path.join(tmpdir, "{}.tmp".format(module_name)),
                 "-o",
-                os.path.join(sys.argv[5], "{}.mod".format(module_name))],
+                os.path.join(tmpdir, "{}.mod".format(module_name))],
                check=True)
 
 
 # tmp/%.mod.fc
 # m4 $M4PARAM $M4SUPPORT $3 > $5/$MODULE_NAME.mod.fc
-with open(os.path.join(sys.argv[5],
+with open(os.path.join(tmpdir,
                        "{}.mod.fc".format(module_name)), "w") as mod_fc_file:
-    subprocess.run(["m4", *m4param, *m4support, sys.argv[3]],
+    subprocess.run(["m4", *m4param, *m4support, policy_fc],
                    stdout=mod_fc_file, check=True)
 
 # %.pp
@@ -139,9 +146,9 @@ with open(os.path.join(sys.argv[5],
 #   -f $5/$MODULE_NAME.mod.fc
 subprocess.run([semod_path,
                 "-o",
-                sys.argv[4],
+                policy_mod,
                 "-m",
-                os.path.join(sys.argv[5], "{}.mod".format(module_name)),
+                os.path.join(tmpdir, "{}.mod".format(module_name)),
                 "-f",
-                os.path.join(sys.argv[5], "{}.mod.fc".format(module_name))],
+                os.path.join(tmpdir, "{}.mod.fc".format(module_name))],
                check=True)
-- 
2.31.1



