| Summary: | sedispol seems to loop indefinitely | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Milos Malik <mmalik> |
| Component: | checkpolicy | Assignee: | Petr Lautrbach <plautrba> |
| Status: | CLOSED ERRATA | QA Contact: | Milos Malik <mmalik> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 7.2 | CC: | lvrabec, mgrepl, mmalik, plautrba |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | checkpolicy-2.5-2.el7.x86_64 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-11-04 02:15:53 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHEA-2016-2281.html |
Description of problem: * sedispol does not show any unconditional rules when analyzing binary policy Version-Release number of selected component (if applicable): checkpolicy-2.1.12-6.el7.x86_64 selinux-policy-3.13.1-60.el7.noarch selinux-policy-targeted-3.13.1-60.el7.noarch How reproducible: always Steps to Reproduce: # sedispol /etc/selinux/targeted/policy/policy.29 Reading policy... libsepol.policydb_index_others: security: 8 users, 105 roles, 4969 types, 303 bools libsepol.policydb_index_others: security: 1 sens, 1024 cats libsepol.policydb_index_others: security: 83 classes, 105836 rules, 16314 cond rules binary policy file loaded Select a command: 1) display unconditional AVTAB 2) display conditional AVTAB (entirely) 3) display conditional AVTAG (only ENABLED rules) 4) display conditional AVTAB (only DISABLED rules) 5) display conditional bools 6) display conditional expressions 7) change a boolean value 8) display role transitions c) display policy capabilities p) display the list of permissive types u) display unknown handling setting F) display filename_trans rules f) set output file m) display menu q) quit Command ('m' for menu): 1 Actual results: * it consumes 100% of CPU for a long time without showing any results Expected results: * it shows all unconditional rules and stops consuming 100% of CPU