Description of problem: # /usr/sbin/semanage login -a -s staff_u -r s0-s0:c0.c1023 yeti libsemanage.dbase_llist_query: could not query record value (No such file or directory). FileNotFoundError: [Errno 2] No such file or directory # rpm -qf /usr/sbin/semanage policycoreutils-python-utils-2.4-7.fc23.x86_64
Created attachment 1066782 [details] proposed patch I think that this is a problem between Python 3 SWIG bindings around libsemanage and libsepol. Python 3 SWIG bindings temporarily allocate memory needed for PyUnicodeObject->char * conversion. This memory is deallocated shortly after underlying C function returns. Therefore it's necessary to create a copy of it.
The patch should also fix following bug: # semanage boolean -m --on polyinstantiation_enabled ValueError: Boolean polyinstantiation_enabled is not defined
Thanks for the patch. I'm not sure if it's the correct to fix a problem among policycoreutils and libsemanage in libsepol. I'd think that there could be a change of swig definition in libsemanage if it's feasible.
It seems to be really a bug in libsepol and your fix is probably correct (except for the minor memory leak). I'll push an update with this fix asap.
libsepol-2.4-3.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2015-14219
There's still problem with -m option: # semanage login -a -s staff_u ivetka && semanage login -l | grep ivetka ivetka staff_u s0 * # semanage login -m -s unconfined_u ivetka ValueError: Login mapping for ivetka is not defined
I see the same issue. Also "-d" option does not work. # semanage login -d -s staff_u -r s0-s0:c0.c1023 ivetka ValueError: Login mapping for ivetka is not defined # semanage login -l Login Name SELinux User MLS/MCS Range Service __default__ user_u s0-s0 * ivetka staff_u s0-s0:c0.c1023 *
libsepol-2.4-3.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.\nIf you want to test the update, you can install it with \n su -c 'yum --enablerepo=updates-testing update libsepol'. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-14219
(In reply to Miroslav Grepl from comment #7) > I see the same issue. Also "-d" option does not work. > > # semanage login -d -s staff_u -r s0-s0:c0.c1023 ivetka > ValueError: Login mapping for ivetka is not defined > > # semanage login -l > > Login Name SELinux User MLS/MCS Range Service > > __default__ user_u s0-s0 * > ivetka staff_u s0-s0:c0.c1023 * I can reproduce it as well. Looks like semanage_seuser_key_create() doesn't use libsepol under the hood. Therefore similar fix will be needed also for libsemanage. I will also fix potential memory leak in my previous patch.
policycoreutils-2.4-12.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2015-15040
policycoreutils-2.4-12.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report.\nIf you want to test the update, you can install it with \n su -c 'yum --enablerepo=updates-testing update policycoreutils'. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-15040
policycoreutils-2.4-12.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.