Bug 868657

Summary: semanage is segfaulting when add a local fcontext
Product: [Fedora] Fedora Reporter: Bruno Wolff III <bruno>
Component: policycoreutilsAssignee: Daniel Walsh <dwalsh>
Status: CLOSED RAWHIDE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: rawhideCC: bruno, dwalsh, mgrepl
Target Milestone: ---Keywords: Reopened
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-10-27 02:22:24 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
strace output
none
Updated strace output for checkpolicy-2.1.11-2.fc19.i686 none

Description Bruno Wolff III 2012-10-21 13:54:39 UTC 
Description of problem:
semanage fcontext -a -t httpd_sys_content_t "/home/fedora(/.*)?"
Segmentation fault

Version-Release number of selected component (if applicable):
policycoreutils-python-2.1.13-3.fc19.i686
selinux-policy-3.11.1-41.fc18.noarch

How reproducible:
Seems to happen repeatedly.
Comment 1 Bruno Wolff III 2012-10-23 02:41:37 UTC 
policycoreutils-python-2.1.13-15.fc18.i686 still has the issue.
Comment 2 Daniel Walsh 2012-10-24 19:14:20 UTC 
Strange I am not seeing this.

# semanage fcontext -a -t httpd_sys_content_t "/home/fedora(/.*)?"
#
What does 

semanage fcontext -l -C
SELinux fcontext                                   type               Context

/home/fedora(/.*)?                                 all files          system_u:object_r:httpd_sys_content_t:s0 
/sda3(/.*)?                                        all files          system_u:object_r:svirt_t:s0 
/test/symlinked/file                               regular file       system_u:object_r:httpd_sys_content_t:s0 
/usr/lib/libreoffice(/.*)?/bin(/.*)?               all files          system_u:object_r:bin_t:s0 

SELinux Local fcontext Equivalence 

/opt/rh/ruby-1.0 = /

Say?
Comment 3 Bruno Wolff III 2012-10-24 20:27:00 UTC 
On the system with problem no output is returned:
[root@bruno bruno]# semanage fcontext -l -C
[root@bruno bruno]#
Comment 4 Daniel Walsh 2012-10-24 20:32:38 UTC 
rpm -q libsemanage

Also can you get me the strace, so I have some idea where this is happening?
Comment 5 Bruno Wolff III 2012-10-24 20:41:19 UTC 
libsemanage-2.1.9-1.fc19.i686

How do I get the strace? Usually python stuff just prints one when it crashes.
Comment 6 Daniel Walsh 2012-10-24 20:46:57 UTC 
strace -o /tmp/strace.out semanage fcontext -d -t httpd_sys_content_t "/home/fedora(/.*)?"
Comment 7 Bruno Wolff III 2012-10-24 21:01:42 UTC 
When I use -d instead of -a I just get a normal error message. Running strace didn't seem to help.
[root@bruno bruno]# strace -o /tmp/strace.out semanage fcontext -d -t httpd_sys_content_t "/home/fedora(/.*)?"
/usr/sbin/semanage: File context for /home/fedora(/.*)? is not defined
[root@bruno bruno]# strace -o /tmp/strace.out semanage fcontext -a -t httpd_sys_content_t "/home/fedora(/.*)?"
Segmentation fault
[root@bruno bruno]#
Comment 8 Bruno Wolff III 2012-10-24 21:05:01 UTC 
Created attachment 633043 [details]
strace output

That was dumb. I didn't read the command to see that the output was stuff in /tmp. I have attached what i think you are looking for.
Comment 9 Miroslav Grepl 2012-10-25 08:58:52 UTC 
*** Bug 868655 has been marked as a duplicate of this bug. ***
Comment 10 Daniel Walsh 2012-10-25 17:59:13 UTC 
I just noticed that you are running F19 builds.  I did not know f19 had a newer build.  I will rebuild the latest into Rawhide.  I guess it is time I moved on to Rawhide.

Fixed in policycoreutils-2.1.13-16.fc19 (I hope)
Comment 11 Bruno Wolff III 2012-10-25 19:51:49 UTC 
I am still getting a segfault with policycoreutils-2.1.13-17.fc19.i686. I need to run now, but I'll get an strace late tonight and also see if the minimum policy installs without error.
Comment 12 Daniel Walsh 2012-10-25 20:26:14 UTC 
rpm -q libsepol libselinux
Comment 13 Daniel Walsh 2012-10-25 20:30:23 UTC 
Building new versions of libselinux, libsepol and checkpolicy
Comment 14 Bruno Wolff III 2012-10-26 04:03:32 UTC 
bash-4.2$ rpm -q libsepol libselinux
libsepol-2.1.8-2.fc19.i686
libselinux-2.1.12-1.fc19.i686

I'm working on doing the checkpolicy update now.
Comment 15 Bruno Wolff III 2012-10-26 04:20:26 UTC 
Created attachment 633632 [details]
Updated strace output for checkpolicy-2.1.11-2.fc19.i686

The problem still happens with checkpolicy-2.1.11-2.fc19.i686.
Comment 16 Bruno Wolff III 2012-10-26 04:26:47 UTC 
I'm still seeing:
Installing : selinux-policy-minimum-3.11.1-43.fc18.noarch                 1/1 
libsepol.sepol_context_from_string: malformed context "" (Invalid argument).
libsepol.sepol_context_from_string: could not construct context from string (Invalid argument).
libsepol.sepol_context_from_string: malformed context "" (Invalid argument).
libsepol.sepol_context_from_string: could not construct context from string (Invalid argument).
when reinstalling selinux-policy-minimum (the duplicate bug, 868655).
Comment 17 Bruno Wolff III 2012-10-26 20:05:13 UTC 
With policycoreutils-2.1.13-18.fc19.i686 selinux-policy-minimum-3.11.1-43.fc18.noarch re-installs cleanly, but I am still seeing a segfault when trying to add a context pattern with semanage.
Comment 18 Bruno Wolff III 2012-10-27 02:22:24 UTC 
After upgrading to selinux-policy-3.11.1-46.fc18.noarch (and corresponding subpackages) I can now add local context rules. It's odd that this fixed this, but my immediate problem is resolved.
Comment 19 Daniel Walsh 2012-10-27 10:31:58 UTC 
I have no idea.  Bruno thanks for your patience.  I am trying to upgrade to rawhide and for some reason yum is blowing up, leaving me half way there.  If you have more problems reopen the bug.