Description of problem: When seuser command is run with various switches command segfaults Version-Release number of selected component (if applicable): RHEL4-AS-U0 [ i386 (clean install, no packages changed from default) ] [ i386 (patched up2date) ] [ x86_64 (patched up2date) ] setools-1.5.1-5 How reproducible: Always. With and without X running. As a root and non-root user. Steps to Reproduce: seuser -h or seuser version Actual results: [root@server1 ~]# seuser version Segmentation fault [root@server1 ~]# seuser -h Segmentation fault The same occurs with non-sense input after the command name for example [root@netserver-new setools]# seuser 1234567890 Segmentation fault [root@netserver-new setools]# seuser foobarfoobar Segmentation fault Expected results: Command displays help / version string / exits normally etc Additional info: I freely admit I know little about SElinux sub-system or its operation but this seems too fundamental to overlook and worth reporting. I note that the setools-1.5.1-5 SRPM does include the patch from Bugzilla Bug 138297 which on initial inspection seemed similar.
seuser is not intended to be used in targeted policy, only strict. But I have prepared a fix on ftp://people.redhat.com/dwalsh/SELinux/RHEL4 This should go into U2 since U1 is already frozen. Please try it out.
I can confirm that seuser from the (-5.1 release rpm you provided) now exits cleanly on RHEL4-U0 (i386 and x86_86) with valid and invalid command line switches passed to it. Thanks for the note regarding its intended usage on strict policy systems which I was unaware of.
The main use of seuser is to manipulate the user database, similarly to useradd, userdel ... It's main difference is that it will also manipulate the roles database of SELinux. roles are not really used in targeted policy. We also intend to move the ability to manipulate roles into useradd and friends in the future. This mechanism will be different then seuser since it will not require that policy sources be installed. Dan