Bug 1810347 - [abrt] setroubleshoot-server: createAlertSignature(): __init__.py:221:createAlertSignature:TypeError: argument 2 must be str, not None
Summary: [abrt] setroubleshoot-server: createAlertSignature(): __init__.py:221:createA...
Keywords:
Status: CLOSED EOL
Alias: None
Product: Fedora
Classification: Fedora
Component: setroubleshoot
Version: 33
Hardware: x86_64
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Petr Lautrbach
QA Contact: Fedora Extras Quality Assurance
URL: https://retrace.fedoraproject.org/faf...
Whiteboard: abrt_hash:189547aa547d763e72795bb35da...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-03-05 03:18 UTC by Mikhail
Modified: 2021-11-30 18:36 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: ---
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-11-30 18:36:10 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)
File: backtrace (2.76 KB, text/plain)
2020-03-05 03:18 UTC, Mikhail
no flags Details
File: cpuinfo (2.50 KB, text/plain)
2020-03-05 03:18 UTC, Mikhail
no flags Details
File: environ (1.70 KB, text/plain)
2020-03-05 03:18 UTC, Mikhail
no flags Details
File: mountinfo (2.74 KB, text/plain)
2020-03-05 03:18 UTC, Mikhail
no flags Details
File: namespaces (129 bytes, text/plain)
2020-03-05 03:18 UTC, Mikhail
no flags Details
File: open_fds (1.91 KB, text/plain)
2020-03-05 03:18 UTC, Mikhail
no flags Details

Description Mikhail 2020-03-05 03:18:14 UTC
Description of problem:
Issue occurs when I tried submit  SELinux bug report

SELinux is preventing firewalld from using the 'sys_nice' capabilities.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that firewalld should have the sys_nice capability by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'firewalld' --raw | audit2allow -M my-firewalld
# semodule -X 300 -i my-firewalld.pp

Additional Information:
Source Context                system_u:system_r:firewalld_t:s0
Target Context                system_u:system_r:firewalld_t:s0
Target Objects                Unknown [ capability ]
Source                        firewalld
Source Path                   firewalld
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           
Target RPM Packages           
SELinux Policy RPM            selinux-policy-3.14.6-5.fc33.noarch
Local Policy RPM              <Unknown>
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     (removed)
Platform                      Linux (removed) 5.6.0-0.rc3.git0.1.fc33.x86_64 #1
                              SMP Mon Feb 24 16:03:58 UTC 2020 x86_64 x86_64
Alert Count                   1
First Seen                    2020-02-27 01:43:12 +05
Last Seen                     2020-02-27 01:43:12 +05
Local ID                      fd1733d8-2658-41c0-9f77-5c9f35e6bb63

Raw Audit Messages
type=AVC msg=audit(1582749792.584:1623): avc:  denied  { sys_nice } for  pid=1133 comm="firewalld" capability=23  scontext=system_u:system_r:firewalld_t:s0 tcontext=system_u:system_r:firewalld_t:s0 tclass=capability permissive=1


Hash: firewalld,firewalld_t,firewalld_t,capability,sys_nice

Version-Release number of selected component:
setroubleshoot-server-3.3.22-5.fc33

Additional info:
reporter:       libreport-2.12.0
cgroup:         0::/user.slice/user-1000.slice/user/dbus\x2d:1.2\x2dorg.fedoraproject.Setroubleshootd.slice/dbus-:1.2-org.fedoraproject.Setroubleshootd
cmdline:        /usr/bin/python3 -Es /usr/bin/sealert -s
crash_function: createAlertSignature
exception_type: TypeError
executable:     /usr/bin/sealert
interpreter:    python3-3.8.2-2.fc33.x86_64
kernel:         5.6.0-0.rc4.git0.1.fc33.x86_64
runlevel:       N 5
type:           Python3
uid:            1000

Truncated backtrace:
__init__.py:221:createAlertSignature:TypeError: argument 2 must be str, not None

Traceback (most recent call last):
  File "/usr/lib/python3.8/site-packages/setroubleshoot/browser.py", line 991, in submit_button_clicked
    self.submit()
  File "/usr/lib/python3.8/site-packages/setroubleshoot/browser.py", line 1001, in submit
    signature = report.createAlertSignature(local_policy_package,
  File "/usr/lib64/python3.8/site-packages/report/__init__.py", line 221, in createAlertSignature
    pd.add("component", component)
TypeError: argument 2 must be str, not None

Local variables in innermost frame:
component: None
hashmarkername: 'setroubleshoot'
hashvalue: '522a55dffd978f5c78fb8a7fb48d745f19cfc6e9dd8739ec573ea515e9de0ee7'
summary: "SELinux is preventing firewalld from using the 'sys_nice' capabilities."
alertSignature: 'SELinux is preventing firewalld from using the \'sys_nice\' capabilities.\n\n*****  Plugin catchall (100. confidence) suggests   **************************\n\nIf you believe that firewalld should have the sys_nice capability by default.\nThen you should report this as a bug.\nYou can generate a local policy module to allow this access.\nDo\nallow this access for now by executing:\n# ausearch -c \'firewalld\' --raw | audit2allow -M my-firewalld\n# semodule -X 300 -i my-firewalld.pp\n\nAdditional Information:\nSource Context                system_u:system_r:firewalld_t:s0\nTarget Context                system_u:system_r:firewalld_t:s0\nTarget Objects                Unknown [ capability ]\nSource                        firewalld\nSource Path                   firewalld\nPort                          <Unknown>\nHost                          (removed)\nSource RPM Packages           \nTarget RPM Packages           \nSELinux Policy RPM            selinux-policy-3.14.6-5.fc33.noarch\nLocal Policy RPM              <Unknown>\nSelinux Enabled               True\nPolicy Type                   targeted\nEnforcing Mode                Permissive\nHost Name                     (removed)\nPlatform                      Linux (removed) 5.6.0-0.rc3.git0.1.fc33.x86_64 #1\n                              SMP Mon Feb 24 16:03:58 UTC 2020 x86_64 x86_64\nAlert Count                   1\nFirst Seen                    2020-02-27 01:43:12 +05\nLast Seen                     2020-02-27 01:43:12 +05\nLocal ID                      fd1733d8-2658-41c0-9f77-5c9f35e6bb63\n\nRaw Audit Messages\ntype=AVC msg=audit(1582749792.584:1623): avc:  denied  { sys_nice } for  pid=1133 comm="firewalld" capability=23  scontext=system_u:system_r:firewalld_t:s0 tcontext=system_u:system_r:firewalld_t:s0 tclass=capability permissive=1\n\n\nHash: firewalld,firewalld_t,firewalld_t,capability,sys_nice\n'
executable: None
package: 'selinux-policy-3.14.6-5.fc33.noarch'
pd: <report.problem_data object at 0x7fe2542c12d0>

Potential duplicate: bug 1809508

Comment 1 Mikhail 2020-03-05 03:18:18 UTC
Created attachment 1667623 [details]
File: backtrace

Comment 2 Mikhail 2020-03-05 03:18:19 UTC
Created attachment 1667624 [details]
File: cpuinfo

Comment 3 Mikhail 2020-03-05 03:18:20 UTC
Created attachment 1667625 [details]
File: environ

Comment 4 Mikhail 2020-03-05 03:18:22 UTC
Created attachment 1667626 [details]
File: mountinfo

Comment 5 Mikhail 2020-03-05 03:18:23 UTC
Created attachment 1667627 [details]
File: namespaces

Comment 6 Mikhail 2020-03-05 03:18:24 UTC
Created attachment 1667628 [details]
File: open_fds

Comment 7 Ben Cotton 2020-08-11 13:12:51 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 33 development cycle.
Changing version to 33.

Comment 8 Hin-Tak Leung 2020-12-12 19:35:28 UTC
Similar problem has been detected:

Trying to report selinux errors....

reporter:       libreport-2.14.0
cmdline:        /usr/bin/python3 -Es /usr/bin/sealert -s
crash_function: createAlertSignature
exception_type: TypeError
executable:     /usr/bin/sealert
interpreter:    python3-3.9.0-1.fc33.x86_64
kernel:         5.9.11-200.fc33.x86_64
package:        setroubleshoot-server-3.3.24-1.fc33
reason:         __init__.py:221:createAlertSignature:TypeError: argument 2 must be str, not None
runlevel:       N 5
type:           Python3
uid:            1000

Comment 9 Jan Vlug 2021-01-22 22:40:26 UTC
Similar problem has been detected:

Probably happened when reporting a gdb access to chr_file: card0 related SELinux problem.

reporter:       libreport-2.14.0
cgroup:         0::/user.slice/user-1000.slice/user/dbus\x2d:1.2\x2dorg.fedoraproject.Setroubleshootd.slice/dbus-:1.2-org.fedoraproject.Setroubleshootd
cmdline:        /usr/bin/python3 -Es /usr/bin/sealert -s
crash_function: createAlertSignature
exception_type: TypeError
executable:     /usr/bin/sealert
interpreter:    python3-3.9.1-1.fc33.x86_64
kernel:         5.10.7-200.fc33.x86_64
package:        setroubleshoot-server-3.3.24-1.fc33
reason:         __init__.py:221:createAlertSignature:TypeError: argument 2 must be str, not None
runlevel:       N 5
type:           Python3
uid:            1000

Comment 10 Jan Vlug 2021-01-31 11:40:54 UTC
Similar problem has been detected:

Crash happened when reporting an SELinux problem with WhatIP flatpak application.
My system is now continously showing new SELinux security alerts.

reporter:       libreport-2.14.0
cgroup:         0::/user.slice/user-1000.slice/user/dbus\x2d:1.2\x2dorg.fedoraproject.Setroubleshootd.slice/dbus-:1.2-org.fedoraproject.Setroubleshootd
cmdline:        /usr/bin/python3 -Es /usr/bin/sealert -s
crash_function: createAlertSignature
exception_type: TypeError
executable:     /usr/bin/sealert
interpreter:    python3-3.9.1-2.fc33.x86_64
kernel:         5.10.10-200.fc33.x86_64
package:        setroubleshoot-server-3.3.24-1.fc33
reason:         __init__.py:221:createAlertSignature:TypeError: argument 2 must be str, not None
runlevel:       N 5
type:           Python3
uid:            1000

Comment 11 Jan Vlug 2021-01-31 11:59:08 UTC
Similar problem has been detected:

Crash happened when reporting an SELinux alert related to unbound-anchor.

From SE Linux review and submit window:

SELinux is preventing unbound-anchor from 'name_bind' accesses on the udp_socket port 61000.

*****  Plugin bind_ports (92.2 confidence) suggests   ************************

If you want to allow unbound-anchor to bind to network port 61000
Then you need to modify the port type.
Do
# semanage port -a -t PORT_TYPE -p udp 61000
    where PORT_TYPE is one of the following: afs3_callback_port_t, afs_bos_port_t, afs_fs_port_t, afs_ka_port_t, afs_pt_port_t, afs_vl_port_t, amanda_port_t, amavisd_recv_port_t, amavisd_send_port_t, amqp_port_t, aol_port_t, apc_port_t, apcupsd_port_t, appswitch_emp_port_t, asterisk_port_t, babel_port_t, bacula_port_t, bctp_port_t, bfd_control_port_t, bgp_port_t, boinc_client_port_t, boinc_port_t, brlp_port_t, certmaster_port_t, clamd_port_t, clockspeed_port_t, cluster_port_t, cma_port_t, cobbler_port_t, collectd_port_t, commplex_link_port_t, commplex_main_port_t, condor_port_t, conman_port_t, connlcli_port_t, conntrackd_port_t, couchdb_port_t, ctdb_port_t, cvs_port_t, cyphesis_port_t, cyrus_imapd_port_t, daap_port_t, dbskkd_port_t, dcc_port_t, dccm_port_t, dey_keyneg_port_t, dey_sapi_port_t, dhcpc_port_t, dict_port_t, distccd_port_t, dns_port_t, dnssec_port_t, dogtag_port_t, embrace_dp_c_port_t, ephemeral_port_t, epmd_port_t, fac_restore_port_t, firepower_port_t, flash_port_t, fmpro_internal_port_t, freeipmi_port_t, gatekeeper_port_t, gds_db_port_t, gear_port_t, geneve_port_t, giftd_port_t, git_port_t, glance_port_t, glance_registry_port_t, gluster_port_t, gpsd_port_t, hadoop_datanode_port_t, hadoop_namenode_port_t, hddtemp_port_t, howl_port_t, hplip_port_t, http_cache_port_t, i18n_input_port_t, ibm_dt_2_port_t, imaze_port_t, intermapper_port_t, interwise_port_t, ionixnetmon_port_t, ipp_port_t, ipsecnat_port_t, ircd_port_t, iscsi_port_t, isns_port_t, jabber_client_port_t, jabber_interserver_port_t, jabber_router_port_t, jacorb_port_t, jboss_debug_port_t, jboss_management_port_t, jboss_messaging_port_t, kerberos_port_t, keystone_port_t, kubernetes_port_t, l2tp_port_t, lirc_port_t, llmnr_port_t, lltng_port_t, lsm_plugin_port_t, luci_port_t, mail_port_t, mailbox_port_t, matahari_port_t, memcache_port_t, milter_port_t, mmcc_port_t, mongod_port_t, monopd_port_t, mountd_port_t, movaz_ssc_port_t, mpd_port_t, ms_streaming_port_t, msnp_port_t, mssql_port_t, munin_port_t, mxi_port_t, mysqld_port_t, mysqlmanagerd_port_t, mythtv_port_t, nessus_port_t, netport_port_t, netsupport_port_t, neutron_port_t, nfs_port_t, nmea_port_t, nodejs_debug_port_t, nsca_port_t, nsd_control_port_t, ntop_port_t, ntske_port_t, oa_system_port_t, ocsp_port_t, openflow_port_t, openhpid_port_t, openqa_port_t, openqa_websockets_port_t, openvpn_port_t, openvswitch_port_t, oracle_port_t, osapi_compute_port_t, ovsdb_port_t, pdps_port_t, pegasus_http_port_t, pegasus_https_port_t, pgpkeyserver_port_t, pingd_port_t, pki_kra_port_t, pki_ocsp_port_t, pki_ra_port_t, pki_tks_port_t, pki_tps_port_t, pktcable_cops_port_t, postfix_policyd_port_t, postgresql_port_t, postgrey_port_t, pptp_port_t, prelude_port_t, presence_port_t, preupgrade_port_t, priority_e_com_port_t, prosody_port_t, ptal_port_t, pulp_port_t, pulseaudio_port_t, puppet_port_t, pxe_port_t, pyzor_port_t, qpasa_agent_port_t, rabbitmq_port_t, radacct_port_t, radius_port_t, radsec_port_t, razor_port_t, redis_port_t, repository_port_t, ricci_modcluster_port_t, ricci_port_t, rkt_port_t, rtp_media_port_t, rtsclient_port_t, rtsp_port_t, salt_port_t, sap_port_t, saphostctrl_port_t, servistaitsm_port_t, sge_port_t, shellinaboxd_port_t, sieve_port_t, sip_port_t, sixxsconfig_port_t, smntubootstrap_port_t, soundd_port_t, speech_port_t, squid_port_t, ssdp_port_t, statsd_port_t, svn_port_t, swift_port_t, sype_transport_port_t, syslog_tls_port_t, tangd_port_t, tcs_port_t, tor_port_t, traceroute_port_t, tram_port_t, transproxy_port_t, trisoap_port_t, trivnet1_port_t, unreserved_port_t, ups_port_t, us_cli_port_t, varnishd_port_t, versa_tek_port_t, virt_migration_port_t, virt_port_t, virtual_places_port_t, vnc_port_t, wap_wsp_port_t, wccp_port_t, websm_port_t, whois_port_t, winshadow_port_t, wsdapi_port_t, wsicopy_port_t, xen_port_t, xfs_port_t, xinuexpansion3_port_t, xinuexpansion4_port_t, xodbc_connect_port_t, xserver_port_t, zabbix_agent_port_t, zabbix_port_t, zebra_port_t, zented_port_t, zookeeper_client_port_t, zookeeper_election_port_t, zookeeper_leader_port_t, zope_port_t.

*****  Plugin catchall_boolean (7.83 confidence) suggests   ******************

If you want to allow nis to enabled
Then you must tell SELinux about this by enabling the 'nis_enabled' boolean.

Do
setsebool -P nis_enabled 1

*****  Plugin catchall (1.41 confidence) suggests   **************************

If you believe that unbound-anchor should be allowed name_bind access on the port 61000 udp_socket by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'unbound-anchor' --raw | audit2allow -M my-unboundanchor
# semodule -X 300 -i my-unboundanchor.pp

Additional Information:
Source Context                system_u:system_r:named_t:s0
Target Context                system_u:object_r:port_t:s0
Target Objects                port 61000 [ udp_socket ]
Source                        unbound-anchor
Source Path                   unbound-anchor
Port                          61000
Host                          (removed)
Source RPM Packages           
Target RPM Packages           
SELinux Policy RPM            <Unknown>
Local Policy RPM              <Unknown>
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 5.10.9-201.fc33.x86_64 #1 SMP Wed
                              Jan 20 16:56:23 UTC 2021 x86_64 x86_64
Alert Count                   1
First Seen                    2021-01-30 09:42:32 CET
Last Seen                     2021-01-30 09:42:32 CET
Local ID                      eff1afd2-31cb-499d-ba52-733ce0e1b505

Raw Audit Messages
type=AVC msg=audit(1611996152.156:9527): avc:  denied  { name_bind } for  pid=711444 comm="unbound-anchor" src=61000 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=udp_socket permissive=0


Hash: unbound-anchor,named_t,port_t,udp_socket,name_bind

reporter:       libreport-2.14.0
cgroup:         0::/user.slice/user-1000.slice/user/dbus\x2d:1.2\x2dorg.fedoraproject.Setroubleshootd.slice/dbus-:1.2-org.fedoraproject.Setroubleshootd
cmdline:        /usr/bin/python3 -Es /usr/bin/sealert -s
crash_function: createAlertSignature
exception_type: TypeError
executable:     /usr/bin/sealert
interpreter:    python3-3.9.1-2.fc33.x86_64
kernel:         5.10.10-200.fc33.x86_64
package:        setroubleshoot-server-3.3.24-1.fc33
reason:         __init__.py:221:createAlertSignature:TypeError: argument 2 must be str, not None
runlevel:       N 5
type:           Python3
uid:            1000

Comment 12 Jan Vlug 2021-02-08 10:51:11 UTC
Similar problem has been detected:

Trying to report an SELinux Alert.

reporter:       libreport-2.14.0
cgroup:         0::/user.slice/user-1000.slice/user/dbus\x2d:1.2\x2dorg.fedoraproject.Setroubleshootd.slice/dbus-:1.2-org.fedoraproject.Setroubleshootd
cmdline:        /usr/bin/python3 -Es /usr/bin/sealert -s
crash_function: createAlertSignature
exception_type: TypeError
executable:     /usr/bin/sealert
interpreter:    python3-3.9.1-2.fc33.x86_64
kernel:         5.10.12-200.fc33.x86_64
package:        setroubleshoot-server-3.3.24-1.fc33
reason:         __init__.py:221:createAlertSignature:TypeError: argument 2 must be str, not None
runlevel:       N 5
type:           Python3
uid:            1000

Comment 13 Jan Vlug 2021-04-19 18:36:06 UTC
Similar problem has been detected:

Just using SELinux Alert Browser.

reporter:       libreport-2.14.0
cgroup:         0::/user.slice/user-1000.slice/user/dbus\x2d:1.1\x2dorg.fedoraproject.Setroubleshootd.slice/dbus-:1.1-org.fedoraproject.Setroubleshootd
cmdline:        /usr/bin/python3 -Es /usr/bin/sealert -s
crash_function: createAlertSignature
exception_type: TypeError
executable:     /usr/bin/sealert
interpreter:    python3-3.9.2-1.fc33.x86_64
kernel:         5.11.11-200.fc33.x86_64
package:        setroubleshoot-server-3.3.24-1.fc33
reason:         __init__.py:221:createAlertSignature:TypeError: argument 2 must be str, not None
runlevel:       N 5
type:           Python3
uid:            1000

Comment 14 Jan Vlug 2021-04-20 09:14:08 UTC
Similar problem has been detected:

Reporting a gdb related SELinux Alert resulted in this crash report.

reporter:       libreport-2.14.0
cgroup:         0::/user.slice/user-1000.slice/user/dbus\x2d:1.1\x2dorg.fedoraproject.Setroubleshootd.slice/dbus-:1.1-org.fedoraproject.Setroubleshootd
cmdline:        /usr/bin/python3 -Es /usr/bin/sealert -s
crash_function: createAlertSignature
exception_type: TypeError
executable:     /usr/bin/sealert
interpreter:    python3-3.9.2-1.fc33.x86_64
kernel:         5.11.11-200.fc33.x86_64
package:        setroubleshoot-server-3.3.24-1.fc33
reason:         __init__.py:221:createAlertSignature:TypeError: argument 2 must be str, not None
runlevel:       N 5
type:           Python3
uid:            1000

Comment 15 Ben Cotton 2021-11-04 14:40:20 UTC
This message is a reminder that Fedora 33 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora 33 on 2021-11-30.
It is Fedora's policy to close all bug reports from releases that are no longer
maintained. At that time this bug will be closed as EOL if it remains open with a
Fedora 'version' of '33'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora 33 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora, you are encouraged  change the 'version' to a later Fedora 
version prior this bug is closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

Comment 16 Ben Cotton 2021-11-04 15:38:24 UTC
This message is a reminder that Fedora 33 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora 33 on 2021-11-30.
It is Fedora's policy to close all bug reports from releases that are no longer
maintained. At that time this bug will be closed as EOL if it remains open with a
Fedora 'version' of '33'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version.

Thank you for reporting this issue and we are sorry that we were not 
able to fix it before Fedora 33 is end of life. If you would still like 
to see this bug fixed and are able to reproduce it against a later version 
of Fedora, you are encouraged  change the 'version' to a later Fedora 
version prior this bug is closed as described in the policy above.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

Comment 17 Ben Cotton 2021-11-30 18:36:10 UTC
Fedora 33 changed to end-of-life (EOL) status on 2021-11-30. Fedora 33 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.


Note You need to log in before you can comment on or make changes to this bug.