Bug 855483
| Summary: | allow2audit doesn't parse boot date correctly in all locales | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Ian Dall <ian> |
| Component: | policycoreutils | Assignee: | Daniel Walsh <dwalsh> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 17 | CC: | dwalsh, mgrepl, scott-fedora, sgrubb |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | policycoreutils-2.1.13-27.3.fc17 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2012-12-20 16:09:22 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Ian Dall
2012-09-08 01:40:08 UTC
Steve does ausearch handle this properly? Ausearch does this in main() :
/* Check params and build regexpr */
setlocale (LC_ALL, "");
According to the man page:
If locale is "", each part of the locale that should be modified is set
according to the environment variables.
So, ausearch _should_ be OK. Does policycoreutils use ausearch or libauparse?
I'm not sure what would be the equivalent as there is no "since boot" option for ausearch. I can set -te or -ts putting the date in the en_AU locale format and it works properly and it all works properly.
def get_audit_boot_msgs():
"""Obtain all of the avc and policy load messages from the audit
log. This function uses ausearch and requires that the current
process have sufficient rights to run ausearch.
Returns:
string contain all of the audit messages returned by ausearch.
"""
import subprocess
import time
fd=open("/proc/uptime", "r")
off=float(fd.read().split()[0])
fd.close
s = time.localtime(time.time() - off)
date = time.strftime("%D/%Y", s).split("/")
bootdate="%s/%s/%s" % (date[0], date[1], date[3])
boottime = time.strftime("%X", s)
output = subprocess.Popen(["/sbin/ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR", "-ts", bootdate, boottime],
stdout=subprocess.PIPE).communicate()[0]
return output
This is the python code that we are calling.
So how about:
bootdate = time.strftime("%x", s)
instead of
date = time.strftime("%D/%Y", s).split("/")
bootdate="%s/%s/%s" % (date[0], date[1], date[3])
At least in my locale, the year is in 2 digit format, so this would fail
if the boot date it before a century boundary boundary, but otherwise should work.
Fixed in policycoreutils-2.1.12-4.fc17 policycoreutils-2.1.12-4.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/policycoreutils-2.1.12-4.fc17 Package policycoreutils-2.1.12-4.fc17: * should fix your issue, * was pushed to the Fedora 17 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing policycoreutils-2.1.12-4.fc17' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-16848/policycoreutils-2.1.12-4.fc17 then log in and leave karma (feedback). Package policycoreutils-2.1.12-5.fc17: * should fix your issue, * was pushed to the Fedora 17 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing policycoreutils-2.1.12-5.fc17' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-16848/policycoreutils-2.1.12-5.fc17 then log in and leave karma (feedback). policycoreutils-2.1.12-5.fc17 breaks on my system. Running "audit2allow -b" results in: Error - year is 12 Tracked the problem down to the date string generated with above fix... which resulted in the following ausearch call: /sbin/ausearch -m AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR -ts 12/06/12 14:45:43 My LANG environment (set on the kernel commandline and in /etc/locale.conf) is: LANG=en_US.UTF-8 Modifying the LANG to something other than UTF-8 works around the issue, eg: LANG=en_US.en_AU audit2allow -b ... works. We have fixed this in the F18 code base. Any chance of getting this backported? Most people probably won't discover the LANG workaround in F17... Just check if adding these lines to /usr/bin/audit2allow fixes the problem.
diff -u audit2allow /usr/bin/audit2allow
--- audit2allow 2012-09-25 16:17:37.000000000 -0400
+++ /usr/bin/audit2allow 2012-12-10 11:10:12.000000000 -0500
@@ -29,6 +29,8 @@
import sepolgen.module as module
from sepolgen.sepolgeni18n import _
import selinux.audit2why as audit2why
+import locale
+locale.setlocale(locale.LC_ALL, '')
class AuditToPolicy:
VERSION = "%prog .1"
[Exit 1]
Yep, tried the patch and both audit2allow and audit2why work as expected. Fixed in policycoreutils-2.1.13-27.1.fc17 policycoreutils-2.1.13-27.1.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/policycoreutils-2.1.13-27.1.fc17 Updated to 2.1.13-27.1 - audit2allow works great :) Added karma on fedoraproject. policycoreutils-2.1.12-5.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report. policycoreutils-2.1.13-27.2.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/policycoreutils-2.1.13-27.2.fc17 policycoreutils-2.1.13-27.3.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/policycoreutils-2.1.13-27.3.fc17 policycoreutils-2.1.13-27.3.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report. |