Bug 1329120 - sesearch loops endlessly when it should print neverallow rules from the base policy module
Summary: sesearch loops endlessly when it should print neverallow rules from the base ...
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: setools
Version: 6.8
Hardware: x86_64
OS: Linux
medium
medium
Target Milestone: rc
: ---
Assignee: Petr Lautrbach
QA Contact: Jan Zarsky
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-04-21 09:10 UTC by Milos Malik
Modified: 2016-11-08 11:38 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of: 1329102
Environment:
Last Closed: 2016-11-08 11:38:33 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Milos Malik 2016-04-21 09:10:22 UTC 
Description of problem:
* sesearch loops endlessly, consumes memory and gets killed by OOM in the end

Version-Release number of selected component (if applicable):
libselinux-2.0.94-7.el6.x86_64
libselinux-devel-2.0.94-7.el6.x86_64
libselinux-python-2.0.94-7.el6.x86_64
libselinux-ruby-2.0.94-7.el6.x86_64
libselinux-static-2.0.94-7.el6.x86_64
libselinux-utils-2.0.94-7.el6.x86_64
libsemanage-2.0.43-5.1.el6.x86_64
libsemanage-devel-2.0.43-5.1.el6.x86_64
libsemanage-python-2.0.43-5.1.el6.x86_64
libsemanage-static-2.0.43-5.1.el6.x86_64
libsepol-2.0.41-4.el6.x86_64
libsepol-devel-2.0.41-4.el6.x86_64
libsepol-static-2.0.41-4.el6.x86_64
selinux-policy-3.7.19-292.el6.noarch
selinux-policy-doc-3.7.19-292.el6.noarch
selinux-policy-minimum-3.7.19-292.el6.noarch
selinux-policy-mls-3.7.19-292.el6.noarch
selinux-policy-targeted-3.7.19-292.el6.noarch
setools-3.3.7-4.el6.x86_64
setools-console-3.3.7-4.el6.x86_64
setools-gui-3.3.7-4.el6.x86_64
setools-libs-3.3.7-4.el6.x86_64
setools-libs-java-3.3.7-4.el6.x86_64
setools-libs-python-3.3.7-4.el6.x86_64
setools-libs-tcl-3.3.7-4.el6.x86_64

How reproducible:
always

Steps to Reproduce:
# cp /etc/selinux/targeted/modules/active/base.pp ./base.pp.bz2
# bzip2 -d base.pp.bz2 
# sesearch --allow ./base.pp | wc -l
35163
# sesearch --auditallow ./base.pp | wc -l
1
# sesearch --dontaudit ./base.pp | wc -l
4539
# sesearch --type ./base.pp | wc -l
791
# sesearch --role_allow ./base.pp | wc -l
6
# sesearch --role_trans ./base.pp | wc -l
18
# sesearch --range_trans ./base.pp | wc -l
238
# sesearch --neverallow ./base.pp 
Killed

Actual results:
* segfault
* neverallow rules are not shown at all

Expected results:
* no segfaults
* all neverallow rules are shown
Comment 1 Milos Malik 2016-04-21 09:25:00 UTC 
BTW following command also loops endlessly when analyzing the same policy module:

# seinfo --stats ./base.pp
Comment 2 Petr Lautrbach 2016-11-08 11:38:33 UTC 
Red Hat Enterprise Linux version 6 is in the Production 2 phase of its lifetime and this bug doesn't meet the criteria for it, i.e. only high severity issues will be fixed. Please see https://access.redhat.com/support/policy/updates/errata/ for further information.
Note You need to log in before you can comment on or make changes to this bug.