Bug 1810347 - [abrt] setroubleshoot-server: createAlertSignature(): __init__.py:221:createAlertSignature:TypeError: argument 2 must be str, not None
Summary: [abrt] setroubleshoot-server: createAlertSignature(): __init__.py:221:createA...
Keywords:
Status: NEW
Alias: None
Product: Fedora
Classification: Fedora
Component: setroubleshoot
Version: 33
Hardware: x86_64
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Petr Lautrbach
QA Contact: Fedora Extras Quality Assurance
URL: https://retrace.fedoraproject.org/faf...
Whiteboard: abrt_hash:189547aa547d763e72795bb35da...
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-03-05 03:18 UTC by Mikhail
Modified: 2021-04-20 09:14 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: ---
Doc Text:
Clone Of:
Environment:
Last Closed:
Type: ---


Attachments (Terms of Use)
File: backtrace (2.76 KB, text/plain)
2020-03-05 03:18 UTC, Mikhail
no flags Details
File: cpuinfo (2.50 KB, text/plain)
2020-03-05 03:18 UTC, Mikhail
no flags Details
File: environ (1.70 KB, text/plain)
2020-03-05 03:18 UTC, Mikhail
no flags Details
File: mountinfo (2.74 KB, text/plain)
2020-03-05 03:18 UTC, Mikhail
no flags Details
File: namespaces (129 bytes, text/plain)
2020-03-05 03:18 UTC, Mikhail
no flags Details
File: open_fds (1.91 KB, text/plain)
2020-03-05 03:18 UTC, Mikhail
no flags Details

Description Mikhail 2020-03-05 03:18:14 UTC
Description of problem:
Issue occurs when I tried submit  SELinux bug report

SELinux is preventing firewalld from using the 'sys_nice' capabilities.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that firewalld should have the sys_nice capability by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'firewalld' --raw | audit2allow -M my-firewalld
# semodule -X 300 -i my-firewalld.pp

Additional Information:
Source Context                system_u:system_r:firewalld_t:s0
Target Context                system_u:system_r:firewalld_t:s0
Target Objects                Unknown [ capability ]
Source                        firewalld
Source Path                   firewalld
Port                          <Unknown>
Host                          (removed)
Source RPM Packages           
Target RPM Packages           
SELinux Policy RPM            selinux-policy-3.14.6-5.fc33.noarch
Local Policy RPM              <Unknown>
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Permissive
Host Name                     (removed)
Platform                      Linux (removed) 5.6.0-0.rc3.git0.1.fc33.x86_64 #1
                              SMP Mon Feb 24 16:03:58 UTC 2020 x86_64 x86_64
Alert Count                   1
First Seen                    2020-02-27 01:43:12 +05
Last Seen                     2020-02-27 01:43:12 +05
Local ID                      fd1733d8-2658-41c0-9f77-5c9f35e6bb63

Raw Audit Messages
type=AVC msg=audit(1582749792.584:1623): avc:  denied  { sys_nice } for  pid=1133 comm="firewalld" capability=23  scontext=system_u:system_r:firewalld_t:s0 tcontext=system_u:system_r:firewalld_t:s0 tclass=capability permissive=1


Hash: firewalld,firewalld_t,firewalld_t,capability,sys_nice

Version-Release number of selected component:
setroubleshoot-server-3.3.22-5.fc33

Additional info:
reporter:       libreport-2.12.0
cgroup:         0::/user.slice/user-1000.slice/user@1000.service/dbus\x2d:1.2\x2dorg.fedoraproject.Setroubleshootd.slice/dbus-:1.2-org.fedoraproject.Setroubleshootd@0.service
cmdline:        /usr/bin/python3 -Es /usr/bin/sealert -s
crash_function: createAlertSignature
exception_type: TypeError
executable:     /usr/bin/sealert
interpreter:    python3-3.8.2-2.fc33.x86_64
kernel:         5.6.0-0.rc4.git0.1.fc33.x86_64
runlevel:       N 5
type:           Python3
uid:            1000

Truncated backtrace:
__init__.py:221:createAlertSignature:TypeError: argument 2 must be str, not None

Traceback (most recent call last):
  File "/usr/lib/python3.8/site-packages/setroubleshoot/browser.py", line 991, in submit_button_clicked
    self.submit()
  File "/usr/lib/python3.8/site-packages/setroubleshoot/browser.py", line 1001, in submit
    signature = report.createAlertSignature(local_policy_package,
  File "/usr/lib64/python3.8/site-packages/report/__init__.py", line 221, in createAlertSignature
    pd.add("component", component)
TypeError: argument 2 must be str, not None

Local variables in innermost frame:
component: None
hashmarkername: 'setroubleshoot'
hashvalue: '522a55dffd978f5c78fb8a7fb48d745f19cfc6e9dd8739ec573ea515e9de0ee7'
summary: "SELinux is preventing firewalld from using the 'sys_nice' capabilities."
alertSignature: 'SELinux is preventing firewalld from using the \'sys_nice\' capabilities.\n\n*****  Plugin catchall (100. confidence) suggests   **************************\n\nIf you believe that firewalld should have the sys_nice capability by default.\nThen you should report this as a bug.\nYou can generate a local policy module to allow this access.\nDo\nallow this access for now by executing:\n# ausearch -c \'firewalld\' --raw | audit2allow -M my-firewalld\n# semodule -X 300 -i my-firewalld.pp\n\nAdditional Information:\nSource Context                system_u:system_r:firewalld_t:s0\nTarget Context                system_u:system_r:firewalld_t:s0\nTarget Objects                Unknown [ capability ]\nSource                        firewalld\nSource Path                   firewalld\nPort                          <Unknown>\nHost                          (removed)\nSource RPM Packages           \nTarget RPM Packages           \nSELinux Policy RPM            selinux-policy-3.14.6-5.fc33.noarch\nLocal Policy RPM              <Unknown>\nSelinux Enabled               True\nPolicy Type                   targeted\nEnforcing Mode                Permissive\nHost Name                     (removed)\nPlatform                      Linux (removed) 5.6.0-0.rc3.git0.1.fc33.x86_64 #1\n                              SMP Mon Feb 24 16:03:58 UTC 2020 x86_64 x86_64\nAlert Count                   1\nFirst Seen                    2020-02-27 01:43:12 +05\nLast Seen                     2020-02-27 01:43:12 +05\nLocal ID                      fd1733d8-2658-41c0-9f77-5c9f35e6bb63\n\nRaw Audit Messages\ntype=AVC msg=audit(1582749792.584:1623): avc:  denied  { sys_nice } for  pid=1133 comm="firewalld" capability=23  scontext=system_u:system_r:firewalld_t:s0 tcontext=system_u:system_r:firewalld_t:s0 tclass=capability permissive=1\n\n\nHash: firewalld,firewalld_t,firewalld_t,capability,sys_nice\n'
executable: None
package: 'selinux-policy-3.14.6-5.fc33.noarch'
pd: <report.problem_data object at 0x7fe2542c12d0>

Potential duplicate: bug 1809508

Comment 1 Mikhail 2020-03-05 03:18:18 UTC
Created attachment 1667623 [details]
File: backtrace

Comment 2 Mikhail 2020-03-05 03:18:19 UTC
Created attachment 1667624 [details]
File: cpuinfo

Comment 3 Mikhail 2020-03-05 03:18:20 UTC
Created attachment 1667625 [details]
File: environ

Comment 4 Mikhail 2020-03-05 03:18:22 UTC
Created attachment 1667626 [details]
File: mountinfo

Comment 5 Mikhail 2020-03-05 03:18:23 UTC
Created attachment 1667627 [details]
File: namespaces

Comment 6 Mikhail 2020-03-05 03:18:24 UTC
Created attachment 1667628 [details]
File: open_fds

Comment 7 Ben Cotton 2020-08-11 13:12:51 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 33 development cycle.
Changing version to 33.

Comment 8 Hin-Tak Leung 2020-12-12 19:35:28 UTC
Similar problem has been detected:

Trying to report selinux errors....

reporter:       libreport-2.14.0
cmdline:        /usr/bin/python3 -Es /usr/bin/sealert -s
crash_function: createAlertSignature
exception_type: TypeError
executable:     /usr/bin/sealert
interpreter:    python3-3.9.0-1.fc33.x86_64
kernel:         5.9.11-200.fc33.x86_64
package:        setroubleshoot-server-3.3.24-1.fc33
reason:         __init__.py:221:createAlertSignature:TypeError: argument 2 must be str, not None
runlevel:       N 5
type:           Python3
uid:            1000

Comment 9 Jan Vlug 2021-01-22 22:40:26 UTC
Similar problem has been detected:

Probably happened when reporting a gdb access to chr_file: card0 related SELinux problem.

reporter:       libreport-2.14.0
cgroup:         0::/user.slice/user-1000.slice/user@1000.service/dbus\x2d:1.2\x2dorg.fedoraproject.Setroubleshootd.slice/dbus-:1.2-org.fedoraproject.Setroubleshootd@0.service
cmdline:        /usr/bin/python3 -Es /usr/bin/sealert -s
crash_function: createAlertSignature
exception_type: TypeError
executable:     /usr/bin/sealert
interpreter:    python3-3.9.1-1.fc33.x86_64
kernel:         5.10.7-200.fc33.x86_64
package:        setroubleshoot-server-3.3.24-1.fc33
reason:         __init__.py:221:createAlertSignature:TypeError: argument 2 must be str, not None
runlevel:       N 5
type:           Python3
uid:            1000

Comment 10 Jan Vlug 2021-01-31 11:40:54 UTC
Similar problem has been detected:

Crash happened when reporting an SELinux problem with WhatIP flatpak application.
My system is now continously showing new SELinux security alerts.

reporter:       libreport-2.14.0
cgroup:         0::/user.slice/user-1000.slice/user@1000.service/dbus\x2d:1.2\x2dorg.fedoraproject.Setroubleshootd.slice/dbus-:1.2-org.fedoraproject.Setroubleshootd@0.service
cmdline:        /usr/bin/python3 -Es /usr/bin/sealert -s
crash_function: createAlertSignature
exception_type: TypeError
executable:     /usr/bin/sealert
interpreter:    python3-3.9.1-2.fc33.x86_64
kernel:         5.10.10-200.fc33.x86_64
package:        setroubleshoot-server-3.3.24-1.fc33
reason:         __init__.py:221:createAlertSignature:TypeError: argument 2 must be str, not None
runlevel:       N 5
type:           Python3
uid:            1000

Comment 11 Jan Vlug 2021-01-31 11:59:08 UTC
Similar problem has been detected:

Crash happened when reporting an SELinux alert related to unbound-anchor.

From SE Linux review and submit window:

SELinux is preventing unbound-anchor from 'name_bind' accesses on the udp_socket port 61000.

*****  Plugin bind_ports (92.2 confidence) suggests   ************************

If you want to allow unbound-anchor to bind to network port 61000
Then you need to modify the port type.
Do
# semanage port -a -t PORT_TYPE -p udp 61000
    where PORT_TYPE is one of the following: afs3_callback_port_t, afs_bos_port_t, afs_fs_port_t, afs_ka_port_t, afs_pt_port_t, afs_vl_port_t, amanda_port_t, amavisd_recv_port_t, amavisd_send_port_t, amqp_port_t, aol_port_t, apc_port_t, apcupsd_port_t, appswitch_emp_port_t, asterisk_port_t, babel_port_t, bacula_port_t, bctp_port_t, bfd_control_port_t, bgp_port_t, boinc_client_port_t, boinc_port_t, brlp_port_t, certmaster_port_t, clamd_port_t, clockspeed_port_t, cluster_port_t, cma_port_t, cobbler_port_t, collectd_port_t, commplex_link_port_t, commplex_main_port_t, condor_port_t, conman_port_t, connlcli_port_t, conntrackd_port_t, couchdb_port_t, ctdb_port_t, cvs_port_t, cyphesis_port_t, cyrus_imapd_port_t, daap_port_t, dbskkd_port_t, dcc_port_t, dccm_port_t, dey_keyneg_port_t, dey_sapi_port_t, dhcpc_port_t, dict_port_t, distccd_port_t, dns_port_t, dnssec_port_t, dogtag_port_t, embrace_dp_c_port_t, ephemeral_port_t, epmd_port_t, fac_restore_port_t, firepower_port_t, flash_port_t, fmpro_internal_port_t, freeipmi_port_t, gatekeeper_port_t, gds_db_port_t, gear_port_t, geneve_port_t, giftd_port_t, git_port_t, glance_port_t, glance_registry_port_t, gluster_port_t, gpsd_port_t, hadoop_datanode_port_t, hadoop_namenode_port_t, hddtemp_port_t, howl_port_t, hplip_port_t, http_cache_port_t, i18n_input_port_t, ibm_dt_2_port_t, imaze_port_t, intermapper_port_t, interwise_port_t, ionixnetmon_port_t, ipp_port_t, ipsecnat_port_t, ircd_port_t, iscsi_port_t, isns_port_t, jabber_client_port_t, jabber_interserver_port_t, jabber_router_port_t, jacorb_port_t, jboss_debug_port_t, jboss_management_port_t, jboss_messaging_port_t, kerberos_port_t, keystone_port_t, kubernetes_port_t, l2tp_port_t, lirc_port_t, llmnr_port_t, lltng_port_t, lsm_plugin_port_t, luci_port_t, mail_port_t, mailbox_port_t, matahari_port_t, memcache_port_t, milter_port_t, mmcc_port_t, mongod_port_t, monopd_port_t, mountd_port_t, movaz_ssc_port_t, mpd_port_t, ms_streaming_port_t, msnp_port_t, mssql_port_t, munin_port_t, mxi_port_t, mysqld_port_t, mysqlmanagerd_port_t, mythtv_port_t, nessus_port_t, netport_port_t, netsupport_port_t, neutron_port_t, nfs_port_t, nmea_port_t, nodejs_debug_port_t, nsca_port_t, nsd_control_port_t, ntop_port_t, ntske_port_t, oa_system_port_t, ocsp_port_t, openflow_port_t, openhpid_port_t, openqa_port_t, openqa_websockets_port_t, openvpn_port_t, openvswitch_port_t, oracle_port_t, osapi_compute_port_t, ovsdb_port_t, pdps_port_t, pegasus_http_port_t, pegasus_https_port_t, pgpkeyserver_port_t, pingd_port_t, pki_kra_port_t, pki_ocsp_port_t, pki_ra_port_t, pki_tks_port_t, pki_tps_port_t, pktcable_cops_port_t, postfix_policyd_port_t, postgresql_port_t, postgrey_port_t, pptp_port_t, prelude_port_t, presence_port_t, preupgrade_port_t, priority_e_com_port_t, prosody_port_t, ptal_port_t, pulp_port_t, pulseaudio_port_t, puppet_port_t, pxe_port_t, pyzor_port_t, qpasa_agent_port_t, rabbitmq_port_t, radacct_port_t, radius_port_t, radsec_port_t, razor_port_t, redis_port_t, repository_port_t, ricci_modcluster_port_t, ricci_port_t, rkt_port_t, rtp_media_port_t, rtsclient_port_t, rtsp_port_t, salt_port_t, sap_port_t, saphostctrl_port_t, servistaitsm_port_t, sge_port_t, shellinaboxd_port_t, sieve_port_t, sip_port_t, sixxsconfig_port_t, smntubootstrap_port_t, soundd_port_t, speech_port_t, squid_port_t, ssdp_port_t, statsd_port_t, svn_port_t, swift_port_t, sype_transport_port_t, syslog_tls_port_t, tangd_port_t, tcs_port_t, tor_port_t, traceroute_port_t, tram_port_t, transproxy_port_t, trisoap_port_t, trivnet1_port_t, unreserved_port_t, ups_port_t, us_cli_port_t, varnishd_port_t, versa_tek_port_t, virt_migration_port_t, virt_port_t, virtual_places_port_t, vnc_port_t, wap_wsp_port_t, wccp_port_t, websm_port_t, whois_port_t, winshadow_port_t, wsdapi_port_t, wsicopy_port_t, xen_port_t, xfs_port_t, xinuexpansion3_port_t, xinuexpansion4_port_t, xodbc_connect_port_t, xserver_port_t, zabbix_agent_port_t, zabbix_port_t, zebra_port_t, zented_port_t, zookeeper_client_port_t, zookeeper_election_port_t, zookeeper_leader_port_t, zope_port_t.

*****  Plugin catchall_boolean (7.83 confidence) suggests   ******************

If you want to allow nis to enabled
Then you must tell SELinux about this by enabling the 'nis_enabled' boolean.

Do
setsebool -P nis_enabled 1

*****  Plugin catchall (1.41 confidence) suggests   **************************

If you believe that unbound-anchor should be allowed name_bind access on the port 61000 udp_socket by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'unbound-anchor' --raw | audit2allow -M my-unboundanchor
# semodule -X 300 -i my-unboundanchor.pp

Additional Information:
Source Context                system_u:system_r:named_t:s0
Target Context                system_u:object_r:port_t:s0
Target Objects                port 61000 [ udp_socket ]
Source                        unbound-anchor
Source Path                   unbound-anchor
Port                          61000
Host                          (removed)
Source RPM Packages           
Target RPM Packages           
SELinux Policy RPM            <Unknown>
Local Policy RPM              <Unknown>
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     (removed)
Platform                      Linux (removed) 5.10.9-201.fc33.x86_64 #1 SMP Wed
                              Jan 20 16:56:23 UTC 2021 x86_64 x86_64
Alert Count                   1
First Seen                    2021-01-30 09:42:32 CET
Last Seen                     2021-01-30 09:42:32 CET
Local ID                      eff1afd2-31cb-499d-ba52-733ce0e1b505

Raw Audit Messages
type=AVC msg=audit(1611996152.156:9527): avc:  denied  { name_bind } for  pid=711444 comm="unbound-anchor" src=61000 scontext=system_u:system_r:named_t:s0 tcontext=system_u:object_r:port_t:s0 tclass=udp_socket permissive=0


Hash: unbound-anchor,named_t,port_t,udp_socket,name_bind

reporter:       libreport-2.14.0
cgroup:         0::/user.slice/user-1000.slice/user@1000.service/dbus\x2d:1.2\x2dorg.fedoraproject.Setroubleshootd.slice/dbus-:1.2-org.fedoraproject.Setroubleshootd@1.service
cmdline:        /usr/bin/python3 -Es /usr/bin/sealert -s
crash_function: createAlertSignature
exception_type: TypeError
executable:     /usr/bin/sealert
interpreter:    python3-3.9.1-2.fc33.x86_64
kernel:         5.10.10-200.fc33.x86_64
package:        setroubleshoot-server-3.3.24-1.fc33
reason:         __init__.py:221:createAlertSignature:TypeError: argument 2 must be str, not None
runlevel:       N 5
type:           Python3
uid:            1000

Comment 12 Jan Vlug 2021-02-08 10:51:11 UTC
Similar problem has been detected:

Trying to report an SELinux Alert.

reporter:       libreport-2.14.0
cgroup:         0::/user.slice/user-1000.slice/user@1000.service/dbus\x2d:1.2\x2dorg.fedoraproject.Setroubleshootd.slice/dbus-:1.2-org.fedoraproject.Setroubleshootd@0.service
cmdline:        /usr/bin/python3 -Es /usr/bin/sealert -s
crash_function: createAlertSignature
exception_type: TypeError
executable:     /usr/bin/sealert
interpreter:    python3-3.9.1-2.fc33.x86_64
kernel:         5.10.12-200.fc33.x86_64
package:        setroubleshoot-server-3.3.24-1.fc33
reason:         __init__.py:221:createAlertSignature:TypeError: argument 2 must be str, not None
runlevel:       N 5
type:           Python3
uid:            1000

Comment 13 Jan Vlug 2021-04-19 18:36:06 UTC
Similar problem has been detected:

Just using SELinux Alert Browser.

reporter:       libreport-2.14.0
cgroup:         0::/user.slice/user-1000.slice/user@1000.service/dbus\x2d:1.1\x2dorg.fedoraproject.Setroubleshootd.slice/dbus-:1.1-org.fedoraproject.Setroubleshootd@1.service
cmdline:        /usr/bin/python3 -Es /usr/bin/sealert -s
crash_function: createAlertSignature
exception_type: TypeError
executable:     /usr/bin/sealert
interpreter:    python3-3.9.2-1.fc33.x86_64
kernel:         5.11.11-200.fc33.x86_64
package:        setroubleshoot-server-3.3.24-1.fc33
reason:         __init__.py:221:createAlertSignature:TypeError: argument 2 must be str, not None
runlevel:       N 5
type:           Python3
uid:            1000

Comment 14 Jan Vlug 2021-04-20 09:14:08 UTC
Similar problem has been detected:

Reporting a gdb related SELinux Alert resulted in this crash report.

reporter:       libreport-2.14.0
cgroup:         0::/user.slice/user-1000.slice/user@1000.service/dbus\x2d:1.1\x2dorg.fedoraproject.Setroubleshootd.slice/dbus-:1.1-org.fedoraproject.Setroubleshootd@2.service
cmdline:        /usr/bin/python3 -Es /usr/bin/sealert -s
crash_function: createAlertSignature
exception_type: TypeError
executable:     /usr/bin/sealert
interpreter:    python3-3.9.2-1.fc33.x86_64
kernel:         5.11.11-200.fc33.x86_64
package:        setroubleshoot-server-3.3.24-1.fc33
reason:         __init__.py:221:createAlertSignature:TypeError: argument 2 must be str, not None
runlevel:       N 5
type:           Python3
uid:            1000


Note You need to log in before you can comment on or make changes to this bug.