Bug 1247575
| Summary: | sepolicy/__init__.py", line 831, in _dict_has_perms - TypeError: expected bytes, str found | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Petr Lautrbach <plautrba> |
| Component: | policycoreutils | Assignee: | Petr Lautrbach <plautrba> |
| Status: | CLOSED NEXTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 23 | CC: | dwalsh, mgrepl, msrb, plautrba |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | 2.4-10.fc23 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2015-08-26 04:32:49 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1076441 | ||
policycoreutils-2.4-8.fc23 has been submitted as an update for Fedora 23. https://admin.fedoraproject.org/updates/policycoreutils-2.4-8.fc23 Package policycoreutils-2.4-8.fc23: * should fix your issue, * was pushed to the Fedora 23 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing policycoreutils-2.4-8.fc23' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2015-13026/policycoreutils-2.4-8.fc23 then log in and leave karma (feedback). I am afraid that this is still broken (but the stacktrace is different), even with the latest policycoreutils from updates-testing:
# rpm -q policycoreutils
policycoreutils-2.4-8.fc23.x86_64
# audit2allow -i avc
Traceback (most recent call last):
File "/usr/bin/audit2allow", line 360, in <module>
app.main()
File "/usr/bin/audit2allow", line 347, in main
self.__process_input()
File "/usr/bin/audit2allow", line 175, in __process_input
self.__avs = self.__parser.to_access()
File "/usr/lib64/python3.4/site-packages/sepolgen/audit.py", line 596, in to_access
avc.path = self.__restore_path(avc.name, avc.ino)
File "/usr/lib64/python3.4/site-packages/sepolgen/audit.py", line 531, in __restore_path
output = util.decode_input(output)
File "/usr/lib64/python3.4/site-packages/sepolgen/util.py", line 112, in decode_input
decoded_text = text.decode(encoding)
AttributeError: 'str' object has no attribute 'decode'
This works for me (with policycoreutils-2.4-8.fc23.x86_64):
# cat avc-simple
type=AVC msg=audit(1438170817.500:690): avc: denied { entrypoint } for pid=20376 comm="runcon" path="/usr/bin/cat" dev="dm-0" ino=553 scontext=system_u:system_r:httpd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=0
# audit2allow -i avc-simple
#============= httpd_t ==============
allow httpd_t bin_t:file entrypoint;
But this one fails:
# cat avc
type=AVC msg=audit(1438030313.956:3777): avc: denied { write } for pid=8975 comm="cp" name="semanage.conf" dev="dm-3" ino=4461693 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file permissive=1
type=AVC msg=audit(1438030803.435:3784): avc: denied { write } for pid=13793 comm="debugedit" name="sestatus" dev="dm-3" ino=4461956 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file permissive=1
# audit2allow -i avc
Traceback (most recent call last):
File "/usr/bin/audit2allow", line 360, in <module>
app.main()
File "/usr/bin/audit2allow", line 347, in main
self.__process_input()
File "/usr/bin/audit2allow", line 175, in __process_input
self.__avs = self.__parser.to_access()
File "/usr/lib64/python3.4/site-packages/sepolgen/audit.py", line 596, in to_access
avc.path = self.__restore_path(avc.name, avc.ino)
File "/usr/lib64/python3.4/site-packages/sepolgen/audit.py", line 531, in __restore_path
output = util.decode_input(output)
File "/usr/lib64/python3.4/site-packages/sepolgen/util.py", line 112, in decode_input
decoded_text = text.decode(encoding)
AttributeError: 'str' object has no attribute 'decode'
I think I know where the problem is. I will add the patch to my existing pull request at GitHub: https://github.com/fedora-selinux/selinux/pull/14 Thanks. Re-opening the bug. policycoreutils-2.4-9.fc23 has been submitted as an update for Fedora 23. https://admin.fedoraproject.org/updates/policycoreutils-2.4-9.fc23 Package policycoreutils-2.4-9.fc23: * should fix your issue, * was pushed to the Fedora 23 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing policycoreutils-2.4-9.fc23' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2015-13499/policycoreutils-2.4-9.fc23 then log in and leave karma (feedback). policycoreutils-2.4-10.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.\nIf you want to test the update, you can install it with \n su -c 'yum --enablerepo=updates-testing update policycoreutils'. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-13922 policycoreutils-2.4-10.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report. |
Description of problem: # cat > avc type=AVC msg=audit(1438030313.956:3777): avc: denied { write } for pid=8975 comm="cp" name="semanage.conf" dev="dm-3" ino=4461693 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file permissive=1 type=AVC msg=audit(1438030803.435:3784): avc: denied { write } for pid=13793 comm="debugedit" name="sestatus" dev="dm-3" ino=4461956 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file permissive=1 # audit2allow -i avc Traceback (most recent call last): File "/usr/bin/audit2allow", line 360, in <module> app.main() File "/usr/bin/audit2allow", line 347, in main self.__process_input() File "/usr/bin/audit2allow", line 175, in __process_input self.__avs = self.__parser.to_access() File "/usr/lib64/python3.4/site-packages/sepolgen/audit.py", line 580, in to_access base_type = self.__get_base_type(avc.tcontext.type, avc.scontext.type) File "/usr/lib64/python3.4/site-packages/sepolgen/audit.py", line 552, in __get_base_type for writable in sepolicy.get_writable_files(scontext): File "/usr/lib64/python3.4/site-packages/sepolicy/__init__.py", line 212, in get_writable_files permlist = search([ALLOW],{'source':setype, 'permlist':['open', 'write'], 'class':'file'}) File "/usr/lib64/python3.4/site-packages/sepolicy/__init__.py", line 72, in search dict_list = [x for x in dict_list if _dict_has_perms(x, perms)] File "/usr/lib64/python3.4/site-packages/sepolicy/__init__.py", line 72, in <listcomp> dict_list = [x for x in dict_list if _dict_has_perms(x, perms)] File "/usr/lib64/python3.4/site-packages/sepolicy/__init__.py", line 831, in _dict_has_perms for perm in perms: TypeError: expected bytes, str found # rpm -qf /usr/lib64/python3.4/site-packages/sepolicy/__init__.py policycoreutils-python3-2.4-7.fc23.x86_64