Bug 426595 - 'audit2allow -M' fails with 'roles' output
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: policycoreutils
Version: rawhide
Hardware: All Linux
Priority: low
Severity: medium
Assigned To: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
Reported: 2007-12-22 13:32 EST by Tom London
Modified: 2008-01-21 10:52 EST
Fixed In Version: Current
Doc Type: Bug Fix
Last Closed: 2008-01-21 10:52:03 EST

Attachments
AVCs and SELINUX_ERR input to 'audit2allow -M' (8.67 KB, text/plain)
2007-12-22 13:34 EST, Tom London

Description Tom London 2007-12-22 13:32:07 EST
Description of problem:
With avc's and SELINUX_ERR's that cause 'role' output, audit2allow -M fails:

[root@localhost ~]# audit2allow -i log2 -M local2
******************** IMPORTANT ***********************
To make this policy package active, execute:

semodule -i local2.pp

Traceback (most recent call last):
  File "/usr/bin/audit2allow", line 275, in <module>
    app.main()
  File "/usr/bin/audit2allow", line 269, in main
    self.__output()
  File "/usr/bin/audit2allow", line 259, in __output
    fd.write("\n=========== ROLES ===============\n")
UnboundLocalError: local variable 'fd' referenced before assignment
[root@localhost ~]# 

The offending lines of /usr/bin/audit2allow appear to be:

        # Module package
        if self.__options.module_package:
            self.__output_modulepackage(writer, g)
        else:
            # File or stdout
            if self.__options.module:
                g.set_module_name(self.__options.module)

            if self.__options.output:
                fd = open(self.__options.output, "w")
            else:
                fd = sys.stdout
            writer.write(g.get_module(), fd)

        if len(self.__selinux_errs) > 0:
            fd.write("\n=========== ROLES ===============\n")

        for role in self.__selinux_errs:
            fd.write(role.output())

fd appears to get set only in the 'else' clause.

Version-Release number of selected component (if applicable):
policycoreutils-2.0.34-3.fc9

How reproducible:
Every time

Comment 1 Tom London 2007-12-22 13:34:51 EST
Created attachment 290295
AVCs and SELINUX_ERR input to 'audit2allow -M'
Comment 2 Tom London 2007-12-22 13:48:04 EST
Minor nit:

Should the '==== ROLES ====' line have a '#' to make it a comment?
Comment 3 Daniel Walsh 2007-12-31 14:54:58 EST
Fixed in policycoreutils-2.0.34-5

Currently this is not used in modules so not yet.
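
The control-flow bug described in this report, reduced to a stand-alone Python sketch. This is an added example, not the audit2allow source or the change shipped in policycoreutils-2.0.34-5: `Options`, `output_buggy`, `output_fixed` and the role line are constructed names and data, and the repair shown is one possible fix, assumed for illustration.

```python
import io


class Options:
    """Constructed stand-in for audit2allow's parsed command-line options."""
    def __init__(self, module_package=None, output=None):
        self.module_package = module_package   # set by -M
        self.output = output                   # set by -o


def output_buggy(options, policy_text, role_lines, stdout):
    """Same control flow as the reported snippet: fd is bound only in the else branch."""
    if options.module_package:
        pass  # stands in for __output_modulepackage(); it never binds fd
    else:
        fd = open(options.output, "w") if options.output else stdout
        fd.write(policy_text)
    if role_lines:
        fd.write("\n=========== ROLES ===============\n")  # fails when -M was given
    for line in role_lines:
        fd.write(line)


def output_fixed(options, policy_text, role_lines, stdout):
    """One possible repair (assumption): bind fd on every path before it is used."""
    fd = stdout      # default stream, so the -M path can still report roles
    opened = None
    try:
        if not options.module_package:
            if options.output:
                fd = opened = open(options.output, "w")
            fd.write(policy_text)
        if role_lines:
            fd.write("\n=========== ROLES ===============\n")
        for line in role_lines:
            fd.write(line)
    finally:
        if opened is not None:
            opened.close()  # close only a file opened here, never stdout


if __name__ == "__main__":
    roles = ["constructed role line\n"]        # constructed sample data
    try:
        output_buggy(Options(module_package="local2"), "", roles, io.StringIO())
    except UnboundLocalError as exc:
        print("buggy path:", exc)
    out = io.StringIO()
    output_fixed(Options(module_package="local2"), "", roles, out)
    print("fixed path wrote:", repr(out.getvalue()))
```

The buggy path only fails when both conditions hold (module-package mode and at least one role entry), which is why the traceback appears after the "IMPORTANT" banner has already been printed.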
