Output of `seinfo -c -x` and others is not predictable

Question

Output of `seinfo -c -x` and others is not predictable

bachradsusi opened this issue 3 years ago · 1 comments

sh-5.1$ seinfo -c service -x

Classes: 1
   class service
{
        reload
        disable
        status
        enable
        stop
        start
}
sh-5.1$ seinfo -c service -x

Classes: 1
   class service
{
        disable
        reload
        stop
        start
        enable
        status
}

It's due to the fact that perms are stored as frozenset which is an unordered collection. The following patch would fix it for classes, but I'm not sure whether it's the right approach:

diff --git a/setools/policyrep/objclass.pxi b/setools/policyrep/objclass.pxi
index b7ec7b7de5c3..5ee751b7b2b4 100644
--- a/setools/policyrep/objclass.pxi
+++ b/setools/policyrep/objclass.pxi
@@ -204,7 +204,7 @@ cdef class ObjClass(PolicySymbol):
 
         # a class that inherits may not have additional permissions
         if len(self.perms) > 0:
-            stmt += "{{\n\t{0}\n}}".format('\n\t'.join(self.perms))
+            stmt += "{{\n\t{0}\n}}".format('\n\t'.join(sorted(self.perms)))
 
         return stmt

If you agree with this I'm ready to prepare a patch with fixes for other statements with fronset

Answer 1 · 2021-11-11T21:58:48.000Z

I agree. I want the output to be stable wherever possible.