Skip to content

selinux.port: fix a bug where the op would not find existing labels if sepolicy command was missing from the host#1654

Merged
Fizzadar merged 2 commits intopyinfra-dev:3.xfrom
yacoob:yacoob/seports
Apr 20, 2026
Merged

selinux.port: fix a bug where the op would not find existing labels if sepolicy command was missing from the host#1654
Fizzadar merged 2 commits intopyinfra-dev:3.xfrom
yacoob:yacoob/seports

Conversation

@yacoob
Copy link
Copy Markdown
Contributor

@yacoob yacoob commented Apr 4, 2026

I think this is the right direction to converge on, as there's probably code out there that uses pyinfra and expects ints. Or not, given this has flown 4y under the radar :D

I've converted the test fixtures to yaml, as you can't have int keys in json. Once converted, the bug was visible, and those test cases started to fail.

Fixes #1644.

  • Pull request is based on the default branch (3.x at this time)
  • Pull request includes tests for any new/updated operations/facts
  • Pull request includes documentation for any new/updated operations/facts
  • Tests pass (see scripts/dev-test.sh)
  • Type checking & code style passes (see scripts/dev-lint.sh)

yacoob added 2 commits April 4, 2026 15:57
@yacoob
selinux: convert selinux.port test fixtures to yaml
969b2c0 
This way port numbers are ints, as documented. This exposes a bug in selinux.port that looks up port numbers as strings.

FAILED tests/test_operations.py::selinux.port::test_selinux_port_add_different - AssertionError: assert ['semanage po..._t -p tcp 22'] == ['semanage po..._t -p tcp 22']
FAILED tests/test_operations.py::selinux.port::test_selinux_port_add_same - AssertionError: assert ['semanage po..._t -p tcp 22'] == []
FAILED tests/test_operations.py::selinux.port::test_selinux_port_remove_existing - AssertionError: assert [] == ['semanage port -d -p tcp 22']
@yacoob
selinux: look up ports in port_info as ints, instead of strings
db57a26
@yacoob yacoob changed the title selinux.ports: fix a bug where the op would not find existing labels if sepolicy command was missing from the host selinux.port: fix a bug where the op would not find existing labels if sepolicy command was missing from the host Apr 4, 2026
Fizzadar
Fizzadar approved these changes Apr 20, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@Fizzadar Fizzadar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice, thank you @yacoob!

@Fizzadar Fizzadar merged commit 09c07a4 into pyinfra-dev:3.x Apr 20, 2026
26 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Fizzadar Fizzadar Fizzadar approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

SEPorts.process stores int keys, selinux.port looks up str keys

2 participants

@yacoob @Fizzadar