Bug 1601958

Summary: seinfo cannot resolve dccp portcons
Product: Red Hat Enterprise Linux 7 Reporter: Milos Malik <mmalik>
Component: setoolsAssignee: Petr Lautrbach <plautrba>
Status: CLOSED ERRATA QA Contact: Milos Malik <mmalik>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.6CC: lvrabec, mgrepl, mmalik, plautrba, vmojzis
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-10-30 09:36:15 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
example policy.conf file
none
Setools3 patch fixing support for DCCP portcon none

Description Milos Malik 2018-07-17 14:42:04 UTC 
Description of problem:
 * if policy contains a portcon definition with DCCP port then seinfo --portcon fails to show it

Version-Release number of selected component (if applicable):
checkpolicy-2.5-7.el7.x86_64
setools-3.3.8-3.el7.x86_64
setools-console-3.3.8-3.el7.x86_64
setools-gui-3.3.8-3.el7.x86_64
setools-libs-3.3.8-3.el7.x86_64
setools-libs-tcl-3.3.8-3.el7.x86_64

How reproducible:
 * always

Steps to Reproduce:
# grep dccp policy.conf.from.secilc 
portcon dccp 1025 system_u:system_r:bin_t:s0:c0 - s1:c0,c1
# checkpolicy -M -o policy.out policy.conf.from.secilc 
checkpolicy:  loading policy configuration from policy.conf.from.secilc
checkpolicy:  policy configuration loaded
checkpolicy:  writing binary representation (version 31) to policy.out
# ls -l policy.out 
-rw-r--r--. 1 root root 4685 Jul 17 10:38 policy.out
# seinfo --portcon ./policy.out 

Portcon: 3
	portcon tcp 22 system_u:system_r:bin_t:s0:c0 - s1:c0.c1
	portcon udp 25 system_u:system_r:bin_t:s0:c0 - s1:c0.c1
ERROR: Could not get protocol string.
	(null)
# 

Additional information:
 * the same scenario works as expected on Fedora 28 (tested with setools 4.2)
Comment 1 Milos Malik 2018-07-17 14:44:09 UTC 
Created attachment 1459439 [details]
example policy.conf file
Comment 2 Vit Mojzis 2018-07-23 14:13:08 UTC 
Created attachment 1469968 [details]
Setools3 patch fixing support for DCCP portcon
Comment 6 errata-xmlrpc 2018-10-30 09:36:15 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:3091