Bug 1247575 - sepolicy/__init__.py", line 831, in _dict_has_perms - TypeError: expected bytes, str found
sepolicy/__init__.py", line 831, in _dict_has_perms - TypeError: expected byt...
Status: CLOSED NEXTRELEASE
Product: Fedora
Classification: Fedora
Component: policycoreutils (Show other bugs)
23
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Petr Lautrbach
Fedora Extras Quality Assurance
:
Depends On:
Blocks: 1076441
  Show dependency treegraph
 
Reported: 2015-07-28 07:20 EDT by Petr Lautrbach
Modified: 2015-08-26 00:32 EDT (History)
4 users (show)

See Also:
Fixed In Version: 2.4-10.fc23
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-08-26 00:32:49 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Petr Lautrbach 2015-07-28 07:20:02 EDT
Description of problem:

# cat > avc
type=AVC msg=audit(1438030313.956:3777): avc:  denied  { write } for  pid=8975 comm="cp" name="semanage.conf" dev="dm-3" ino=4461693 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file permissive=1
type=AVC msg=audit(1438030803.435:3784): avc:  denied  { write } for  pid=13793 comm="debugedit" name="sestatus" dev="dm-3" ino=4461956 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file permissive=1

# audit2allow -i avc                 
Traceback (most recent call last):
  File "/usr/bin/audit2allow", line 360, in <module>
    app.main()
  File "/usr/bin/audit2allow", line 347, in main
    self.__process_input()
  File "/usr/bin/audit2allow", line 175, in __process_input
    self.__avs = self.__parser.to_access()
  File "/usr/lib64/python3.4/site-packages/sepolgen/audit.py", line 580, in to_access
    base_type = self.__get_base_type(avc.tcontext.type, avc.scontext.type)
  File "/usr/lib64/python3.4/site-packages/sepolgen/audit.py", line 552, in __get_base_type
    for writable in sepolicy.get_writable_files(scontext):
  File "/usr/lib64/python3.4/site-packages/sepolicy/__init__.py", line 212, in get_writable_files
    permlist = search([ALLOW],{'source':setype,  'permlist':['open', 'write'], 'class':'file'})
  File "/usr/lib64/python3.4/site-packages/sepolicy/__init__.py", line 72, in search
    dict_list = [x for x in dict_list if _dict_has_perms(x, perms)]
  File "/usr/lib64/python3.4/site-packages/sepolicy/__init__.py", line 72, in <listcomp>
    dict_list = [x for x in dict_list if _dict_has_perms(x, perms)]
  File "/usr/lib64/python3.4/site-packages/sepolicy/__init__.py", line 831, in _dict_has_perms
    for perm in perms:
TypeError: expected bytes, str found


# rpm -qf /usr/lib64/python3.4/site-packages/sepolicy/__init__.py                                                                    policycoreutils-python3-2.4-7.fc23.x86_64
Comment 1 Fedora Update System 2015-08-06 12:22:57 EDT
policycoreutils-2.4-8.fc23 has been submitted as an update for Fedora 23.
https://admin.fedoraproject.org/updates/policycoreutils-2.4-8.fc23
Comment 2 Fedora Update System 2015-08-08 12:19:51 EDT
Package policycoreutils-2.4-8.fc23:
* should fix your issue,
* was pushed to the Fedora 23 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing policycoreutils-2.4-8.fc23'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2015-13026/policycoreutils-2.4-8.fc23
then log in and leave karma (feedback).
Comment 3 Michal Srb 2015-08-13 05:22:42 EDT
I am afraid that this is still broken (but the stacktrace is different), even with the latest policycoreutils from updates-testing:

# rpm -q policycoreutils
policycoreutils-2.4-8.fc23.x86_64

# audit2allow -i avc     
Traceback (most recent call last):
  File "/usr/bin/audit2allow", line 360, in <module>
    app.main()
  File "/usr/bin/audit2allow", line 347, in main
    self.__process_input()
  File "/usr/bin/audit2allow", line 175, in __process_input
    self.__avs = self.__parser.to_access()
  File "/usr/lib64/python3.4/site-packages/sepolgen/audit.py", line 596, in to_access
    avc.path = self.__restore_path(avc.name, avc.ino)
  File "/usr/lib64/python3.4/site-packages/sepolgen/audit.py", line 531, in __restore_path
    output = util.decode_input(output)
  File "/usr/lib64/python3.4/site-packages/sepolgen/util.py", line 112, in decode_input
    decoded_text = text.decode(encoding)
AttributeError: 'str' object has no attribute 'decode'
Comment 4 Michal Srb 2015-08-13 05:46:59 EDT
This works for me (with policycoreutils-2.4-8.fc23.x86_64):

# cat avc-simple
type=AVC msg=audit(1438170817.500:690): avc:  denied  { entrypoint } for  pid=20376 comm="runcon" path="/usr/bin/cat" dev="dm-0" ino=553 scontext=system_u:system_r:httpd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:bin_t:s0 tclass=file permissive=0

# audit2allow -i avc-simple 


#============= httpd_t ==============
allow httpd_t bin_t:file entrypoint;

But this one fails:

# cat avc
type=AVC msg=audit(1438030313.956:3777): avc:  denied  { write } for  pid=8975 comm="cp" name="semanage.conf" dev="dm-3" ino=4461693 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file permissive=1
type=AVC msg=audit(1438030803.435:3784): avc:  denied  { write } for  pid=13793 comm="debugedit" name="sestatus" dev="dm-3" ino=4461956 scontext=staff_u:staff_r:staff_t:s0 tcontext=system_u:object_r:default_t:s0 tclass=file permissive=1

# audit2allow -i avc
Traceback (most recent call last):
  File "/usr/bin/audit2allow", line 360, in <module>
    app.main()
  File "/usr/bin/audit2allow", line 347, in main
    self.__process_input()
  File "/usr/bin/audit2allow", line 175, in __process_input
    self.__avs = self.__parser.to_access()
  File "/usr/lib64/python3.4/site-packages/sepolgen/audit.py", line 596, in to_access
    avc.path = self.__restore_path(avc.name, avc.ino)
  File "/usr/lib64/python3.4/site-packages/sepolgen/audit.py", line 531, in __restore_path
    output = util.decode_input(output)
  File "/usr/lib64/python3.4/site-packages/sepolgen/util.py", line 112, in decode_input
    decoded_text = text.decode(encoding)
AttributeError: 'str' object has no attribute 'decode'
Comment 5 Michal Srb 2015-08-13 05:51:33 EDT
I think I know where the problem is. I will add the patch to my existing pull request at GitHub:

https://github.com/fedora-selinux/selinux/pull/14
Comment 6 Petr Lautrbach 2015-08-13 06:07:00 EDT
Thanks. Re-opening the bug.
Comment 7 Fedora Update System 2015-08-13 12:03:18 EDT
policycoreutils-2.4-9.fc23 has been submitted as an update for Fedora 23.
https://admin.fedoraproject.org/updates/policycoreutils-2.4-9.fc23
Comment 8 Fedora Update System 2015-08-14 22:19:51 EDT
Package policycoreutils-2.4-9.fc23:
* should fix your issue,
* was pushed to the Fedora 23 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing policycoreutils-2.4-9.fc23'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2015-13499/policycoreutils-2.4-9.fc23
then log in and leave karma (feedback).
Comment 9 Fedora Update System 2015-08-22 12:24:29 EDT
policycoreutils-2.4-10.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.\nIf you want to test the update, you can install it with \n su -c 'yum --enablerepo=updates-testing update policycoreutils'. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-13922
Comment 10 Fedora Update System 2015-08-26 00:32:44 EDT
policycoreutils-2.4-10.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.