From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); fr; rv:1.8.1.1) Gecko/20061208 Firefox/2.0.0.1 Description of problem: audit2allow -M local < inputfile always gives the same error message. Traceback (most recent call last): File "/usr/bin/audit2allow", line 191, in ? print (_("Generating type enforcment file: %s.te") % module) NameError: name '_' is not defined The file inputfile contains: Jan 21 19:25:49 salvator kernel: audit(1169425549.929:10): avc: denied { getattr } for pid=2863 comm="mount.ntfs-3g" name="modprobe" dev=sda2 ino=4124870 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:insmod_exec_t:s0 tclass=file Jan 21 19:25:49 salvator kernel: audit(1169425549.930:11): avc: denied { execute } for pid=2864 comm="mount.ntfs-3g" name="bash" dev=sda2 ino=5237786 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file Jan 21 19:25:51 salvator kernel: audit(1169425551.009:12): avc: denied { read write } for pid=2865 comm="fusermount" name="fuse" dev=tmpfs ino=1586 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=chr_file Jan 21 19:25:51 salvator kernel: audit(1169425551.014:13): avc: denied { getattr } for pid=2866 comm="mount.ntfs-3g" name="modprobe" dev=sda2 ino=4124870 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:insmod_exec_t:s0 tclass=file Jan 21 19:25:51 salvator kernel: audit(1169425551.015:14): avc: denied { execute } for pid=2867 comm="mount.ntfs-3g" name="bash" dev=sda2 ino=5237786 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file Jan 21 19:25:52 salvator kernel: audit(1169425552.085:15): avc: denied { read write } for pid=2868 comm="fusermount" name="fuse" dev=tmpfs ino=1586 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=chr_file which is extracted from /var/log/messages Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1. run audit2allow Actual Results: an error message Expected Results: audit2allow should create a loadable policy module local.pp that could potentially fix the issue with ntfs-3g. Additional info: That's a big problem, because many Web sites suggest audit2allow as the way to create SELinux policy packages, but now, audit2allow does not work on FC6, at least for me.
Fixed in policycoreutils-1.33.15-1.fc6
The problem remains with this version of policycoreutils.
Created attachment 146746 [details] A modified audit2allow Python script with correct string litterals
I am not seeing this error? _() should be defined via import gettext gettext.install('policycoreutils') What do you get if you execute #python import gettext gettext.install('policycoreutils') print _("test")
When I execute gettext.install('policycoreutils'), I get this message: Traceback (most recent call last): File "<stdin>", line 1, in ? File "/usr/lib64/python2.4/gettext.py", line 480, in install t = translation(domain, localedir, fallback=True, codeset=codeset) File "/usr/lib64/python2.4/gettext.py", line 465, in translation t = _translations.setdefault(key, class_(open(mofile, 'rb'))) File "/usr/lib64/python2.4/gettext.py", line 177, in __init__ self._parse(fp) File "/usr/lib64/python2.4/gettext.py", line 301, in _parse plural = v[1].split('plural=')[1] IndexError: list index out of range My local is fr_CA.UTF-8. If I switch to en_US.UTF-8 (for example by using LC_ALL en_US.UTF-8 python on the Bash prompt), everything works, including audit2allow. The problem then seems to be related with Gettext which crashes on non-US locales. Maybe something must be done in the program to catch up in case no translation exists for the current locale?
Try changing this in audit2allow try: gettext.install('policycoreutils') except IOError: import __builtin__ __builtin__.__dict__['_'] = unicode
Fixed in policycoreutils-1.34.1-4.fc6
Fixed in current release