plugins: Catch all subprocess exceptions

Some exceptions were not correctly handled so that setroubleshootd could stop work
fedora-selinux · Jun 22, 2016 · 578dd34 · 578dd34
1 parent 5bc7625
commit 578dd34
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 8 deletions.
diff --git a/plugins/src/allow_execmod.py b/plugins/src/allow_execmod.py
@@ -95,8 +95,11 @@ def analyze(self, avc):
         if avc.has_any_access_in(['execmod']):
             # MATCH
             # from https://docs.python.org/2.7/library/subprocess.html#replacing-shell-pipeline
-            p1 = subprocess.Popen(['eu-readelf', '-d', avc.tpath], stdout=subprocess.PIPE)
-            p2 = subprocess.Popen(["fgrep", "-q", "TEXTREL"], stdin=p1.stdout, stdout=subprocess.PIPE)
+            try:
+                p1 = subprocess.Popen(['eu-readelf', '-d', avc.tpath], stdout=subprocess.PIPE)
+                p2 = subprocess.Popen(["fgrep", "-q", "TEXTREL"], stdin=p1.stdout, stdout=subprocess.PIPE)
+            except:
+                return None
             p1.stdout.close()  # Allow p1 to receive a SIGPIPE if p2 exits.
             p1.wait()
             p2.wait()

diff --git a/plugins/src/allow_execstack.py b/plugins/src/allow_execstack.py
@@ -30,14 +30,21 @@ def is_execstack(path):
     if path[0] != "/":
         return False
 
-    x = subprocess.check_output(["execstack",  "-q", path], universal_newlines=True).split()
+    try:
+        x = subprocess.check_output(["execstack",  "-q", path], universal_newlines=True).split()
+    except:
+        return False
     return ( x[0] == "X" )
 
 def find_execstack(exe, pid):
     execstacklist = []
-    for path in subprocess.check_output(["ldd", exe], universal_newlines=True).split():
+    try:
+        paths = subprocess.check_output(["ldd", exe], universal_newlines=True).split()
+    except:
+        return execstacklist
+    for path in paths:
         if is_execstack(path) and path not in execstacklist:
-                execstacklist.append(path)
+            execstacklist.append(path)
     try:
         fd = open("/proc/%s/maps" % pid , "r")
         for rec in fd.readlines():

diff --git a/plugins/src/findexecstack b/plugins/src/findexecstack
@@ -6,14 +6,21 @@ def is_execstack(path):
     if path[0] != "/":
         return False
 
-    x = subprocess.check_output(["execstack",  "-q", path], universal_newlines=True).split()
+    try:
+        x = subprocess.check_output(["execstack",  "-q", path], universal_newlines=True).split()
+    except:
+        return False
     return ( x[0]  == "X" )
 
 def find_execstack(exe, pid):
     execstacklist = []
-    for path in subprocess.check_output(["ldd", sys.argv[1]], universal_newlines=True).split():
+    try:
+        paths = subprocess.check_output(["ldd", sys.argv[1]], universal_newlines=True).split()
+    except:
+        return execstacklist
+    for path in paths:
         if is_execstack(path) and path not in execstacklist:
-                execstacklist.append(path)
+            execstacklist.append(path)
     try:
         fd = open("/proc/%s/maps" % pid , "r")
         for rec in fd.readlines():