Bug 1249388
Summary: | audit2allow and python3 do not get along | ||||||
---|---|---|---|---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Daniel Walsh <dwalsh> | ||||
Component: | policycoreutils | Assignee: | Petr Lautrbach <plautrba> | ||||
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||
Severity: | unspecified | Docs Contact: | |||||
Priority: | high | ||||||
Version: | rawhide | CC: | awilliam, dwalsh, kevin, mgrepl, pbrobinson, plautrba, rkuska, robatino, sgallagh, ssekidde | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
Whiteboard: | RejectedBlocker AcceptedFreezeException | ||||||
Fixed In Version: | policycoreutils-2.4-8.fc23 | Doc Type: | Bug Fix | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2015-08-15 02:20:48 UTC | Type: | Bug | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | |||||||
Bug Blocks: | 1076441, 1170818 | ||||||
Attachments: |
|
Description
Daniel Walsh
2015-08-02 10:53:08 UTC
If I edit audit2allow to run python2 audit2allow -i /tmp/t #============= svirt_lxc_net_t ============== #!!!! This avc is allowed in the current policy allow svirt_lxc_net_t urandom_device_t:chr_file { read open }; Another blowup using /var/log/audit/audit.log audit2allow -la Traceback (most recent call last): File "/bin/audit2allow", line 360, in <module> app.main() File "/bin/audit2allow", line 346, in main self.__read_input() File "/bin/audit2allow", line 164, in __read_input parser.parse_string(messages) File "/usr/lib64/python3.4/site-packages/sepolgen/audit.py", line 478, in parse_string lines = input.split('\n') TypeError: 'str' does not support the buffer interface Created attachment 1058471 [details]
audit log causing audit2allow to blow up
Proposed as a Blocker for 23-alpha by Fedora user mgrepl using the blocker tracking app because: sepolgen is not completely re-written to Python3. It causes failures if a user try to generate own SELinux policy for AVCs. It means he eitther needs to go thru audit.log and write it without this tool or he switches SELinux mode to permissive. I've missed Popen usage in audit.py when porting sepolgen to python3. I have prepared patch to fix 'TypeError: 'str' does not support the buffer interface' Also output.py was missed because of missing tests, I will fix that too. This doesn't seem to meet any of the Alpha criteria. It's not even a Beta or Final requirement that custom SELinux policy generation work. -1 blocker unless I'm missing something. *** Bug 1250557 has been marked as a duplicate of this bug. *** I'm similarly -1 blocker, but given how useful audit2allow and audit2why are in tracking down other issues, I'd vehemently vote for +1 Freeze Exception if a fix is prepared in time. -1 blocker, +1 FE Well, I can go with +1 FE on merit, but we're gonna spin RC2 in like a few minutes. Still, that's -3/+3, so marking. Well it is simple to fix if you have python2 installed. Change /usr/bin/python3 to /usr/bin/python. in /usr/bin/audit2allow. policycoreutils-2.4-8.fc23 has been submitted as an update for Fedora 23. https://admin.fedoraproject.org/updates/policycoreutils-2.4-8.fc23 Package policycoreutils-2.4-8.fc23: * should fix your issue, * was pushed to the Fedora 23 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing policycoreutils-2.4-8.fc23' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2015-13026/policycoreutils-2.4-8.fc23 then log in and leave karma (feedback). policycoreutils-2.4-8.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report. |