[meta-security,2/9] smack-test: more py3 covertion

Message ID	20220618134435.2370878-2-akuster808@gmail.com
State	Accepted, archived
Delegated to:	Armin Kuster
Headers	show Return-Path: <akuster808@gmail.com> ip: 209.85.214.179, mailfrom: akuster808@gmail.com) From: Armin Kuster <akuster808@gmail.com> To: yocto@lists.yoctoproject.org Subject: [meta-security][PATCH 2/9] smack-test: more py3 covertion Date: Sat, 18 Jun 2022 06:44:28 -0700 Message-Id: <20220618134435.2370878-2-akuster808@gmail.com> In-Reply-To: <20220618134435.2370878-1-akuster808@gmail.com> References: <20220618134435.2370878-1-akuster808@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[meta-security,1/9] security-test-image: auto include layers if present. \| expand [meta-security,1/9] security-test-image: auto include layers if present. [meta-security,2/9] smack-test: more py3 covertion [meta-security,3/9] oeqa: update smack runtime test [meta-security,4/9] aide: add a few more config options [meta-security,5/9] oeqa: add aide test [meta-security,6/9] libmhash: add native pkg support [meta-security,7/9] classes: add aide routines [meta-security,8/9] aide: add native support for build time db creation [meta-security,9/9] aide.conf: adjust to allow for build time db creation

Message ID

20220618134435.2370878-2-akuster808@gmail.com

State

Accepted, archived

Delegated to:

Armin Kuster

Headers

From: Armin Kuster <akuster808@gmail.com>
To: yocto@lists.yoctoproject.org
Subject: [meta-security][PATCH 2/9] smack-test: more py3 covertion
Date: Sat, 18 Jun 2022 06:44:28 -0700
Message-Id: <20220618134435.2370878-2-akuster808@gmail.com>
In-Reply-To: <20220618134435.2370878-1-akuster808@gmail.com>
References: <20220618134435.2370878-1-akuster808@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[meta-security,1/9] security-test-image: auto include layers if present. | expand

Commit Message

akuster808 June 18, 2022, 1:44 p.m. UTC

Signed-off-by: Armin Kuster <akuster808@gmail.com>
---
 recipes-mac/smack/smack-test/notroot.py              | 12 ++++++------
 .../smack/smack-test/smack_test_file_access.sh       | 10 +++++-----
 2 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/recipes-mac/smack/smack-test/notroot.py b/recipes-mac/smack/smack-test/notroot.py
index f0eb0b5..89f83f4 100644
--- a/recipes-mac/smack/smack-test/notroot.py
+++ b/recipes-mac/smack/smack-test/notroot.py
@@ -1,4 +1,4 @@ 
-#!/usr/bin/env python
+#!/usr/bin/env python3
 #
 # Script used for running executables with custom labels, as well as custom uid/gid
 # Process label is changed by writing to /proc/self/attr/curent
@@ -9,8 +9,8 @@ 
 # """By  default,  each  user  in Debian GNU/Linux is given a corresponding group 
 # with the same name. """
 #
-# Usage: root@desk:~# python notroot.py <uid> <label> <full_path_to_executable> [arguments ..]
-# eg: python notroot.py 1000 User::Label /bin/ping -c 3 192.168.1.1
+# Usage: root@desk:~# python3 notroot.py <uid> <label> <full_path_to_executable> [arguments ..]
+# eg: python3 notroot.py 1000 User::Label /bin/ping -c 3 192.168.1.1
 #
 # Author: Alexandru Cornea <alexandru.cornea@intel.com>
 import os
@@ -28,6 +28,6 @@  try:
 	os.setuid(uid)	
 	os.execv(path,sys.argv)
 
-except Exception,e:
-	print e.message
-	sys.exit(1)
+except Exception as e:
+	print(e.strerror)
+	sys.exit(-1)
diff --git a/recipes-mac/smack/smack-test/smack_test_file_access.sh b/recipes-mac/smack/smack-test/smack_test_file_access.sh
index 5a0ce84..598f1df 100644
--- a/recipes-mac/smack/smack-test/smack_test_file_access.sh
+++ b/recipes-mac/smack/smack-test/smack_test_file_access.sh
@@ -8,7 +8,7 @@  CAT=`which cat`
 ECHO=`which echo`
 uid=1000
 initial_label=`cat /proc/self/attr/current`
-python $TMP/notroot.py $uid "TheOther" $ECHO 'TEST' > $test_file
+python3 $TMP/notroot.py $uid "TheOther" $ECHO 'TEST' > $test_file
 chsmack -a "TheOther" $test_file
 
 #        12345678901234567890123456789012345678901234567890123456
@@ -17,7 +17,7 @@  rule_ro="TheOne                  TheOther                r----"
 
 # Remove pre-existent rules for "TheOne TheOther <access>"
 echo -n "$delrule" > $SMACK_PATH/load
-python $TMP/notroot.py $uid "TheOne" $CAT $test_file 2>&1 1>/dev/null | grep -q "Permission denied" || RC=$?
+python3 $TMP/notroot.py $uid "TheOne" $CAT $test_file 2>&1 1>/dev/null | grep -q "Permission denied" || RC=$?
 if [ $RC -ne 0 ]; then
 	echo "Process with different label than the test file and no read access on it can read it"
 	exit $RC
@@ -25,7 +25,7 @@  fi
 
 # adding read access
 echo -n "$rule_ro" > $SMACK_PATH/load
-python $TMP/notroot.py $uid "TheOne" $CAT $test_file | grep -q "TEST" || RC=$?
+python3 $TMP/notroot.py $uid "TheOne" $CAT $test_file | grep -q "TEST" || RC=$?
 if [ $RC -ne 0 ]; then
 	echo "Process with different label than the test file but with read access on it cannot read it"
 	exit $RC
@@ -36,7 +36,7 @@  echo -n "$delrule" > $SMACK_PATH/load
 # changing label of test file to *
 # according to SMACK documentation, read access on a * object is always permitted
 chsmack -a '*' $test_file
-python $TMP/notroot.py $uid "TheOne" $CAT $test_file | grep -q "TEST" || RC=$?
+python3 $TMP/notroot.py $uid "TheOne" $CAT $test_file | grep -q "TEST" || RC=$?
 if [ $RC -ne 0 ]; then
 	echo  "Process cannot read file with * label"
 	exit $RC
@@ -45,7 +45,7 @@  fi
 # changing subject label to *
 # according to SMACK documentation, every access requested by a star labeled subject is rejected
 TOUCH=`which touch`
-python $TMP/notroot.py $uid '*' $TOUCH $TMP/test_file_2
+python3 $TMP/notroot.py $uid '*' $TOUCH $TMP/test_file_2
 ls -la $TMP/test_file_2 2>&1 | grep -q 'No such file or directory' || RC=$?
 if [ $RC -ne 0 ];then
 	echo "Process with label '*' should not have any access"

[meta-security,2/9] smack-test: more py3 covertion

Commit Message

Patch