Bug 223733 - audit2allow always displays an error message with the -M option
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 6
Hardware: x86_64 Linux
Priority: medium, Severity: medium
Assigned To: Daniel Walsh
Ben Levenson
Reported: 2007-01-21 20:50 EST by Eric Buist
Modified: 2007-11-30 17:11 EST
Fixed In Version: Current
Doc Type: Bug Fix
Last Closed: 2007-08-22 10:11:55 EDT


Attachments
A modified audit2allow Python script with correct string literals (6.59 KB, application/octet-stream)
2007-01-27 11:49 EST, Eric Buist

Description Eric Buist 2007-01-21 20:50:01 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); fr; rv:1.8.1.1) Gecko/20061208 Firefox/2.0.0.1

Description of problem:
audit2allow -M local < inputfile always gives the same error message.

Traceback (most recent call last):
  File "/usr/bin/audit2allow", line 191, in ?
    print (_("Generating type enforcment file: %s.te") % module)
NameError: name '_' is not defined

The file inputfile contains:

Jan 21 19:25:49 salvator kernel: audit(1169425549.929:10): avc:  denied  { getattr } for  pid=2863 comm="mount.ntfs-3g" name="modprobe" dev=sda2 ino=4124870 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:insmod_exec_t:s0 tclass=file
Jan 21 19:25:49 salvator kernel: audit(1169425549.930:11): avc:  denied  { execute } for  pid=2864 comm="mount.ntfs-3g" name="bash" dev=sda2 ino=5237786 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
Jan 21 19:25:51 salvator kernel: audit(1169425551.009:12): avc:  denied  { read write } for  pid=2865 comm="fusermount" name="fuse" dev=tmpfs ino=1586 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=chr_file
Jan 21 19:25:51 salvator kernel: audit(1169425551.014:13): avc:  denied  { getattr } for  pid=2866 comm="mount.ntfs-3g" name="modprobe" dev=sda2 ino=4124870 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:insmod_exec_t:s0 tclass=file
Jan 21 19:25:51 salvator kernel: audit(1169425551.015:14): avc:  denied  { execute } for  pid=2867 comm="mount.ntfs-3g" name="bash" dev=sda2 ino=5237786 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
Jan 21 19:25:52 salvator kernel: audit(1169425552.085:15): avc:  denied  { read write } for  pid=2868 comm="fusermount" name="fuse" dev=tmpfs ino=1586 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=chr_file

which is extracted from /var/log/messages

Version-Release number of selected component (if applicable):


How reproducible:
Always


Steps to Reproduce:
1. run audit2allow


Actual Results:
an error message

Expected Results:
audit2allow should create a loadable policy module local.pp that could potentially fix the issue with ntfs-3g.

Additional info:
That's a big problem, because many Web sites suggest audit2allow as the way to create SELinux policy packages, but now, audit2allow does not work on FC6, at least for me.
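
An added example, not part of the original report and not audit2allow's own code: a simplified Python 3 sketch of the step the report expected to work, turning the quoted AVC denials into the allow rules a generated module would carry. The function names are hypothetical; the sample lines are four of the denials quoted in the report.

```python
import re
from collections import defaultdict

# Four of the denial lines quoted in the report (the fourth repeats the first with a new pid).
SAMPLE = """\
Jan 21 19:25:49 salvator kernel: audit(1169425549.929:10): avc:  denied  { getattr } for  pid=2863 comm="mount.ntfs-3g" name="modprobe" dev=sda2 ino=4124870 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:insmod_exec_t:s0 tclass=file
Jan 21 19:25:49 salvator kernel: audit(1169425549.930:11): avc:  denied  { execute } for  pid=2864 comm="mount.ntfs-3g" name="bash" dev=sda2 ino=5237786 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
Jan 21 19:25:51 salvator kernel: audit(1169425551.009:12): avc:  denied  { read write } for  pid=2865 comm="fusermount" name="fuse" dev=tmpfs ino=1586 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=chr_file
Jan 21 19:25:51 salvator kernel: audit(1169425551.014:13): avc:  denied  { getattr } for  pid=2866 comm="mount.ntfs-3g" name="modprobe" dev=sda2 ino=4124870 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:insmod_exec_t:s0 tclass=file
"""

# Permissions inside the braces, then the source/target contexts and object class.
AVC_RE = re.compile(
    r"avc:\s+denied\s+\{\s*(?P<perms>[^}]+?)\s*\}.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)


def type_of(context):
    # A context is user:role:type[:level]; rules are written on the type.
    return context.split(":")[2]


def denials_to_rules(text):
    # Merge repeated denials so each (source, target, class) yields one rule.
    grouped = defaultdict(set)
    for line in text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue  # not an AVC denial line
        key = (type_of(m["scon"]), type_of(m["tcon"]), m["tclass"])
        grouped[key].update(m["perms"].split())
    rules = []
    for (src, tgt, cls), perms in sorted(grouped.items()):
        p = sorted(perms)
        perm_text = p[0] if len(p) == 1 else "{ " + " ".join(p) + " }"
        rules.append(f"allow {src} {tgt}:{cls} {perm_text};")
    return rules
```

Reading the resulting rules before building local.pp shows exactly which access the module would grant to mount_t.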
Comment 1 Daniel Walsh 2007-01-22 10:25:44 EST
Fixed in policycoreutils-1.33.15-1.fc6
Comment 2 Eric Buist 2007-01-27 11:28:42 EST
The problem remains with this version of policycoreutils.
Comment 3 Eric Buist 2007-01-27 11:49:17 EST
Created attachment 146746
A modified audit2allow Python script with correct string literals
Comment 4 Daniel Walsh 2007-01-29 13:47:50 EST
I am not seeing this error?

_() should be defined via

import gettext
gettext.install('policycoreutils')

What do you get if you execute


#python
import gettext
gettext.install('policycoreutils')
print _("test")

Comment 5 Eric Buist 2007-01-29 20:15:05 EST
When I execute gettext.install('policycoreutils'), I get this message:
Traceback (most recent call last):
  File "<stdin>", line 1, in ?
  File "/usr/lib64/python2.4/gettext.py", line 480, in install
    t = translation(domain, localedir, fallback=True, codeset=codeset)
  File "/usr/lib64/python2.4/gettext.py", line 465, in translation
    t = _translations.setdefault(key, class_(open(mofile, 'rb')))
  File "/usr/lib64/python2.4/gettext.py", line 177, in __init__
    self._parse(fp)
  File "/usr/lib64/python2.4/gettext.py", line 301, in _parse
    plural = v[1].split('plural=')[1]
IndexError: list index out of range

My locale is fr_CA.UTF-8. If I switch to en_US.UTF-8 (for example by using
LC_ALL=en_US.UTF-8 python on the Bash prompt), everything works, including audit2allow.
The problem then seems to be related to Gettext, which crashes on non-US locales.
Maybe something must be done in the program to catch up in case no translation
exists for the current locale?
Comment 6 Daniel Walsh 2007-02-01 16:14:55 EST
Try changing this in audit2allow
  
        try:
                gettext.install('policycoreutils')
        except IOError:
                # No catalog could be read: make _() return the string unchanged
                import __builtin__
                __builtin__.__dict__['_'] = unicode
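
The traceback in comment 5 ends in an IndexError raised at `plural = v[1].split('plural=')[1]` while gettext parses a catalog, and an `except IOError` clause does not handle that exception class. The following is an added example, not policycoreutils code, written for Python 3 (where IOError is an alias of OSError): it builds a constructed catalog that fails at the same parsing step and compares an I/O-only handler with one that also treats parse failures as "no translation". All function names, the temporary locale directory and the catalog bytes are constructed for illustration.

```python
import builtins
import gettext
import os
import struct
import tempfile

DOMAIN = "policycoreutils"

def malformed_mo():
    # Constructed catalog: metadata entry whose Plural-Forms lacks "plural=".
    msgstr = b"Content-Type: text/plain; charset=UTF-8\nPlural-Forms: nplurals=2\n"
    header = struct.pack("<7I", 0x950412DE, 0, 1, 28, 36, 0, 0)
    tables = struct.pack("<2I", 0, 44) + struct.pack("<2I", len(msgstr), 45)
    return header + tables + b"\0" + msgstr + b"\0"

def make_localedir(lang="fr_CA"):
    # Temporary locale tree holding the constructed catalog for one language.
    root = tempfile.mkdtemp()
    path = os.path.join(root, lang, "LC_MESSAGES")
    os.makedirs(path)
    with open(os.path.join(path, DOMAIN + ".mo"), "wb") as fh:
        fh.write(malformed_mo())
    return root

def load(localedir, languages):
    # fallback=True covers a missing catalog, not one that fails to parse.
    return gettext.translation(DOMAIN, localedir=localedir,
                               languages=languages, fallback=True)

def install_narrow(localedir, languages):
    # Same shape as the snippet in comment 6: only I/O errors are handled.
    try:
        load(localedir, languages).install()
    except OSError:
        builtins.__dict__["_"] = str

def install_defensive(localedir, languages):
    # Treat any catalog parse failure as "no translation available".
    try:
        load(localedir, languages).install()
        return "catalog"
    except (OSError, IndexError, ValueError, UnicodeError):
        builtins.__dict__["_"] = str
        return "identity"

def narrow_handler_escapes(localedir, languages):
    # Name of the exception that gets past install_narrow, or None.
    try:
        install_narrow(localedir, languages)
    except Exception as exc:
        return type(exc).__name__
    return None
```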
Comment 7 Daniel Walsh 2007-02-01 16:20:07 EST
Fixed in policycoreutils-1.34.1-4.fc6
Comment 8 Daniel Walsh 2007-08-22 10:11:55 EDT
Fixed in current release