Bug 426595 - 'audit2allow -M' fails with 'roles' output
Summary: 'audit2allow -M' fails with 'roles' output
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: policycoreutils
Version: rawhide
Hardware: All
OS: Linux
low
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Fedora Extras Quality Assurance
Reported: 2007-12-22 18:32 UTC by Tom London
Modified: 2008-01-21 15:52 UTC (History)
0 users

Fixed In Version: Current
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-01-21 15:52:03 UTC
Type: ---
Embargoed:


Attachments
AVCs and SELINUX_ERR input to 'audit2allow -M' (8.67 KB, text/plain)
2007-12-22 18:34 UTC, Tom London

Description Tom London 2007-12-22 18:32:07 UTC
Description of problem:
With avc's and SELINUX_ERR's that cause 'role' output, audit2allow -M fails:

[root@localhost ~]# audit2allow -i log2 -M local2
******************** IMPORTANT ***********************
To make this policy package active, execute:

semodule -i local2.pp

Traceback (most recent call last):
  File "/usr/bin/audit2allow", line 275, in <module>
    app.main()
  File "/usr/bin/audit2allow", line 269, in main
    self.__output()
  File "/usr/bin/audit2allow", line 259, in __output
    fd.write("\n=========== ROLES ===============\n")
UnboundLocalError: local variable 'fd' referenced before assignment
[root@localhost ~]# 

The offending lines of /usr/bin/audit2allow appear to be:

        # Module package
        if self.__options.module_package:
            self.__output_modulepackage(writer, g)
        else:
            # File or stdout
            if self.__options.module:
                g.set_module_name(self.__options.module)

            if self.__options.output:
                fd = open(self.__options.output, "w")
            else:
                fd = sys.stdout
            writer.write(g.get_module(), fd)

        if len(self.__selinux_errs) > 0:
            fd.write("\n=========== ROLES ===============\n")

        for role in self.__selinux_errs:
            fd.write(role.output())

fd appears to get set only in the 'else' clause.

Version-Release number of selected component (if applicable):
policycoreutils-2.0.34-3.fc9

How reproducible:
Every time

Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:

Comment 1 Tom London 2007-12-22 18:34:51 UTC
Created attachment 290295
AVCs and SELINUX_ERR input to 'audit2allow -M'

Comment 2 Tom London 2007-12-22 18:48:04 UTC
Minor nit:

Should the '==== ROLES ====' line have a '#' to make it a comment?

Comment 3 Daniel Walsh 2007-12-31 19:54:58 UTC
Fixed in policycoreutils-2.0.34-5

Currently this is not used in modules so not yet.
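
The control flow from the description, reduced to a stand-alone reproduction, next to one way of avoiding the failure. This is an added example, not code from audit2allow and not the change shipped in policycoreutils-2.0.34-5 (which this page does not show). The function names, the sample role line and the choice to send role output to stdout on the -M path are assumptions.

```python
import io
import sys

ROLES_HEADER = "\n=========== ROLES ===============\n"


def output_buggy(module_package, roles, out=None):
    """Same shape as the reported snippet: fd is bound only in the else branch."""
    if module_package:
        pass  # stands in for __output_modulepackage(), which writes its own files
    else:
        fd = out if out is not None else sys.stdout
        fd.write("module text\n")  # placeholder for writer.write(g.get_module(), fd)
    if len(roles) > 0:
        fd.write(ROLES_HEADER)  # UnboundLocalError when module_package is set
    for role in roles:
        fd.write(role)


def output_fixed(module_package, roles, out=None):
    """Bind fd before branching so role output has a destination on both paths."""
    fd = out if out is not None else sys.stdout  # assumed destination for -M runs
    if not module_package:
        fd.write("module text\n")
    if roles:
        fd.write(ROLES_HEADER)
    for role in roles:
        fd.write(role)


def demo():
    """Run both variants on the -M path with one constructed role line."""
    roles = ["allow user_r system_r;\n"]  # constructed sample, not from the attachment
    results = {}
    try:
        output_buggy(True, roles, io.StringIO())
        results["buggy"] = "ok"
    except UnboundLocalError as exc:
        results["buggy"] = type(exc).__name__
    buf = io.StringIO()
    output_fixed(True, roles, buf)
    results["fixed"] = buf.getvalue()
    return results


if __name__ == "__main__":
    print(demo())
```

The buggy variant only fails when -M is combined with input that yields role output; with an empty role list it returns normally, which is why the defect stays hidden until SELINUX_ERR records show up in the log.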

