util/selinux: add setfilecon method

This is basically a re-implementation of `setfilecon(3)` minus the translation of human readable context to raw context. Add test for the new function.
2022-03-18 17:18:16 +01:00 · 2022-03-18 17:18:16 +01:00 · 75df59bace
commit 75df59bace
parent 5735357b74
2 changed files with 46 additions and 0 deletions
--- a/osbuild/util/selinux.py
+++ b/osbuild/util/selinux.py
@ -1,5 +1,6 @@
 """SELinux utility functions"""

+import errno
 import os
 import subprocess

@ -57,3 +58,27 @@ def getfilecon(path: str) -> str:
    label = os.getxattr(path, XATTR_NAME_SELINUX,
                        follow_symlinks=False)
    return label.decode().strip('\n\0')
+
+
+def setfilecon(path: str, context: str) -> None:
+    """
+    Set the security context associated with `path`
+
+    Like `setfilecon`(3), but does not attempt to translate
+    the context via `selinux_trans_to_raw_context`.
+    """
+
+    try:
+        os.setxattr(path, XATTR_NAME_SELINUX,
+                    context.encode(),
+                    follow_symlinks=True)
+    except OSError as err:
+        # in case we get a not-supported error, check if
+        # the context we want to set is already set and
+        # ignore the error in that case. This follows the
+        # behavior of `setfilecon(3)`.
+        if err.errno == errno.ENOTSUP:
+            have = getfilecon(path)
+            if have == context:
+                return
+        raise