Message 307793 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	xdegaye
Recipients	barry, serhiy.storchaka, xdegaye
Date	2017-12-07.09:35:01
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1512639302.53.0.213398074469.issue32199@psf.upfronthosting.co.za>
In-reply-to

Content
On archlinux it is easy to know precisely what patches are applied to iproute2 and how it is built (see https://git.archlinux.org/svntogit/packages.git/tree/trunk?h=packages/iproute2). The attached two files, archlinux-ip_link.strace and archlinux-ip_link_list.strace, contain the output of strace run on the commands 'ip link' and 'ip link list' on archlinux. * For 'ip link', the sendto() syscall uses RTM_GETLINK to get information about a specific network interface. * For 'ip link list', this sendto() syscall is preceded by another sendto() syscall using RTM_NEWLINK to create information about a specific network interface. Conclusions: 1) Both commands are not equivalent, this seems to be a bug in iproute2 or its documentation (I did not read the whole iproute2 documentation). 2) By using RTM_NEWLINK, 'ip link list' requests a write-like operation that may be denied by SELinux if there is no policy that allows netlink_route_socket (nlmsg_write). I may be wrong but on Android API 26 it seems that only few processes get that permission: dhcp, clatd, logd, netd, rild, ... 3) From Python perspective it is more robust to call 'ip link' to handle platforms where SELinux is run in enforcing mode. I will update the PR to do only that change: s/ip link list/ip link/

On archlinux it is easy to know precisely what patches are applied to iproute2 and how it is built (see https://git.archlinux.org/svntogit/packages.git/tree/trunk?h=packages/iproute2).

The attached two files, archlinux-ip_link.strace and archlinux-ip_link_list.strace, contain the output of strace run on the commands 'ip link' and 'ip link list' on archlinux.
* For 'ip link', the sendto() syscall uses RTM_GETLINK to get information about a specific network interface.
* For 'ip link list', this sendto() syscall is preceded by another sendto() syscall using RTM_NEWLINK to *create* information about a specific network interface.

Conclusions:
1) Both commands are not equivalent, this seems to be a bug in iproute2 or its documentation (I did not read the whole iproute2 documentation).
2) By using RTM_NEWLINK, 'ip link list' requests a write-like operation that may be denied by SELinux if there is no policy that allows netlink_route_socket (nlmsg_write). I may be wrong but on Android API 26 it seems that only few processes get that permission: dhcp, clatd, logd, netd, rild, ...
3) From Python perspective it is more robust to call 'ip link' to handle platforms where SELinux is run in enforcing mode.

I will update the PR to do only that change: s/ip link list/ip link/

History
Date	User	Action	Args
2017-12-07 09:35:02	xdegaye	set	recipients: + xdegaye, barry, serhiy.storchaka
2017-12-07 09:35:02	xdegaye	set	messageid: <1512639302.53.0.213398074469.issue32199@psf.upfronthosting.co.za>
2017-12-07 09:35:02	xdegaye	link	issue32199 messages
2017-12-07 09:35:02	xdegaye	create