Bug 1652840 - augeas cannot parse semanage.conf on rhel8
Summary: augeas cannot parse semanage.conf on rhel8
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: augeas
Version: 8.0
Hardware: x86_64
OS: Linux
unspecified
medium
Target Milestone: rc
: 8.0
Assignee: Libvirt Maintainers
QA Contact: YongkuiGuo
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-11-23 09:07 UTC by YongkuiGuo
Modified: 2019-06-14 01:54 UTC (History)
3 users (show)

Fixed In Version: augeas-1.10.1-6.el8
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-06-14 01:54:22 UTC
Type: Bug
Target Upstream Version:


Attachments (Terms of Use)
/etc/selinux/semanage.conf from RHEL 8 (2.37 KB, text/plain)
2018-11-23 09:16 UTC, Richard W.M. Jones
no flags Details


Links
System ID Priority Status Summary Last Updated
Github hercules-team augeas pull 594 None None None 2018-11-29 09:25:15 UTC

Description YongkuiGuo 2018-11-23 09:07:24 UTC
Description of problem:
Augeas cannot parse /etc/selinux/semanage.conf file on up-to-date rhel8.


Version-Release number of selected component (if applicable):
augeas-1.10.1-4.el8.x86_64
selinux-policy-3.14.1-47.el8.noarch

How reproducible:
100%


Steps:

1. On rhel8 host with RHEL-8.0-20181120.0 compose
#augtool print /files/etc/selinux/semanage.conf

There is no output.

2.
#augtool print /augeas//error
...
/augeas/files/etc/selinux/semanage.conf/error = "parse_failed"
/augeas/files/etc/selinux/semanage.conf/error/pos = "2349"
/augeas/files/etc/selinux/semanage.conf/error/line = "54"
/augeas/files/etc/selinux/semanage.conf/error/char = "0"
/augeas/files/etc/selinux/semanage.conf/error/lens = "/usr/share/augeas/lenses/dist/simplevars.aug:39.10-.46:"
/augeas/files/etc/selinux/semanage.conf/error/lens/last_matched = "/usr/share/augeas/lenses/dist/util.aug:68.15-.30:"
/augeas/files/etc/selinux/semanage.conf/error/message = "Iterated lens matched less than it should"


From the line 54 to the file end, the content is as below:

[sefcontext_compile]
path = /usr/sbin/sefcontext_compile
args = -r $@
[end]


Actual results:
The semanage.conf cannot be parsed.

Expected results:
The augeas tool should be able to parse semanage.conf file.

Additional info:

Comment 1 Richard W.M. Jones 2018-11-23 09:16:20 UTC
Created attachment 1508236 [details]
/etc/selinux/semanage.conf from RHEL 8

Can confirm the same problem here.  Attaching the file.

Comment 2 Pino Toscano 2018-11-23 10:47:00 UTC
(In reply to YongkuiGuo from comment #0)
> Description of problem:
> Augeas cannot parse /etc/selinux/semanage.conf file on up-to-date rhel8.

It happens also on Fedora 28, for example.

> 2.
> #augtool print /augeas//error
> ...
> /augeas/files/etc/selinux/semanage.conf/error = "parse_failed"
> /augeas/files/etc/selinux/semanage.conf/error/pos = "2349"
> /augeas/files/etc/selinux/semanage.conf/error/line = "54"
> /augeas/files/etc/selinux/semanage.conf/error/char = "0"
> /augeas/files/etc/selinux/semanage.conf/error/lens =
> "/usr/share/augeas/lenses/dist/simplevars.aug:39.10-.46:"
> /augeas/files/etc/selinux/semanage.conf/error/lens/last_matched =
> "/usr/share/augeas/lenses/dist/util.aug:68.15-.30:"
> /augeas/files/etc/selinux/semanage.conf/error/message = "Iterated lens
> matched less than it should"
> 
> 
> From the line 54 to the file end, the content is as below:
> 
> [sefcontext_compile]
> path = /usr/sbin/sefcontext_compile
> args = -r $@
> [end]

This kind of syntax is not understood by the Simplevars lens.
The Simplevars lens is for reading files with a simple INI format, not even with groups ("[foo]", etc).

It's clear now that the semanage.conf file needs an own lens instead of using Simplevars.

Comment 4 YongkuiGuo 2018-11-30 01:52:08 UTC
Verified with package:
augeas-1.10.1-6.el8.x86_64

Steps:

1. On rhel8 host
# augtool print /files/etc/selinux/semanage.conf
...
/files/etc/selinux/semanage.conf/usepasswd = "False"
/files/etc/selinux/semanage.conf/bzip-small = "true"
/files/etc/selinux/semanage.conf/bzip-blocksize = "5"
/files/etc/selinux/semanage.conf/ignoredirs = "/root"
/files/etc/selinux/semanage.conf/@group = "sefcontext_compile"
/files/etc/selinux/semanage.conf/@group/path = "/usr/sbin/sefcontext_compile"
/files/etc/selinux/semanage.conf/@group/args = "-r $@"

The semanage.conf can be parsed by augeas normally. Verified this bug.


Note You need to log in before you can comment on or make changes to this bug.