Bugzilla (bugzilla.redhat.com) will be under maintenance for infrastructure upgrades and will not be available on July 31st between 12:30 AM - 05:30 AM UTC. We appreciate your understanding and patience. You can follow status.redhat.com for details.
Bug 1416377 - sepolicy transition -s sshd_t tracebacks
Summary: sepolicy transition -s sshd_t tracebacks
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: policycoreutils
Version: 25
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Petr Lautrbach
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-01-25 11:39 UTC by Milos Malik
Modified: 2017-04-06 11:56 UTC (History)
5 users (show)

Fixed In Version: policycoreutils-devel-2.6-3.fc26.x86_64
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-04-06 11:56:57 UTC
Type: Bug


Attachments (Terms of Use)

Description Milos Malik 2017-01-25 11:39:02 UTC
Description of problem:
* the tool runs for a while and then ends up with a traceback

Version-Release number of selected component (if applicable):
checkpolicy-2.6-0.1.fc25.x86_64
libselinux-2.6-0.1.fc25.x86_64
libselinux-python-2.6-0.1.fc25.x86_64
libselinux-python3-2.6-0.1.fc25.x86_64
libselinux-utils-2.6-0.1.fc25.x86_64
libsemanage-2.6-0.2.fc25.x86_64
libsemanage-python-2.6-0.2.fc25.x86_64
libsemanage-python3-2.6-0.2.fc25.x86_64
libsepol-2.6-0.2.fc25.x86_64
policycoreutils-2.6-0.5.fc25.x86_64
policycoreutils-devel-2.6-0.5.fc25.x86_64
policycoreutils-gui-2.6-0.5.fc25.x86_64
policycoreutils-python-2.6-0.5.fc25.x86_64
policycoreutils-python3-2.6-0.5.fc25.x86_64
policycoreutils-python-utils-2.6-0.5.fc25.x86_64
setools-console-4.0.1-0.2.fc25.x86_64
setools-python3-4.0.1-0.2.fc25.x86_64

How reproducible:
* always

Steps to Reproduce:
# sepolicy transition -s sshd_t
Traceback (most recent call last):
  File "/usr/bin/sepolicy", line 700, in <module>
    args.func(args)
  File "/usr/bin/sepolicy", line 468, in transition
    mytrans.output()
  File "/usr/lib/python3.5/site-packages/sepolicy/transition.py", line 82, in output
    print(self.out(self.source))
  File "/usr/lib/python3.5/site-packages/sepolicy/transition.py", line 71, in out
    buf += "%s%s @ %s --> %s %s\n" % (header, t["source"], t["target"], t["transtype"], sepolicy.get_conditionals_format_text(cond))
  File "/usr/lib/python3.5/site-packages/sepolicy/__init__.py", line 386, in get_conditionals_format_text
    enabled = len(filter(lambda x: x['boolean'][0][1], cond)) > 0
TypeError: object of type 'filter' has no len()
#

Actual results:
* traceback

Expected results:
* no tracebacks

Comment 1 Milos Malik 2017-01-30 16:27:13 UTC
# rpm -qa libsepol\* libsemanage\* libselinux\* policycoreutils\* checkpolicy\* setools\* | sort
checkpolicy-2.6-0.1.fc25.x86_64
libselinux-2.6-0.1.fc25.x86_64
libselinux-python-2.6-0.1.fc25.x86_64
libselinux-python3-2.6-0.1.fc25.x86_64
libselinux-utils-2.6-0.1.fc25.x86_64
libsemanage-2.6-0.2.fc25.x86_64
libsemanage-python-2.6-0.2.fc25.x86_64
libsemanage-python3-2.6-0.2.fc25.x86_64
libsepol-2.6-0.2.fc25.x86_64
policycoreutils-2.6-0.6.fc25.x86_64
policycoreutils-devel-2.6-0.6.fc25.x86_64
policycoreutils-python-2.6-0.6.fc25.x86_64
policycoreutils-python3-2.6-0.6.fc25.x86_64
policycoreutils-python-utils-2.6-0.6.fc25.x86_64
setools-python3-4.0.1-0.2.fc25.x86_64
# sepolicy transition -s sshd_t
sshd_t @ chkpwd_exec_t --> chkpwd_t
sshd_t @ mount_ecryptfs_exec_t --> mount_ecryptfs_t
sshd_t @ updpwd_exec_t --> updpwd_t
sshd_t @ xauth_exec_t --> xauth_t
sshd_t @ mount_exec_t --> mount_t
sshd_t @ abrt_helper_exec_t --> abrt_helper_t
sshd_t @ passwd_exec_t --> passwd_t
sshd_t @ fusermount_exec_t --> mount_t
sshd_t @ oddjob_mkhomedir_exec_t --> oddjob_mkhomedir_t
sshd_t @ lvm_exec_t --> lvm_t
sshd_t @ shell_exec_t --> unconfined_t
sshd_t @ setfiles_exec_t --> setfiles_t -- Allowed False [ polyinstantiation_enabled=0 ]
sshd_t @ namespace_init_exec_t --> namespace_init_t -- Allowed False [ polyinstantiation_enabled=0 ]

#

Seems to be fixed.


Note You need to log in before you can comment on or make changes to this bug.