Description of problem: I tried the new audit2why and audit2allow -w functionality in policycoreutils [root@localhost dgrift]# audit2allow -w -i /var/log/audit/audit.log Traceback (most recent call last): File "/usr/bin/audit2allow", line 345, in <module> app.main() File "/usr/bin/audit2allow", line 339, in main self.__output() File "/usr/bin/audit2allow", line 286, in __output return self.__output_audit2why() File "/usr/bin/audit2allow", line 230, in __output_audit2why raise RuntimeError("Must call policy_init first") RuntimeError: Must call policy_init first [root@localhost dgrift]# man audit2allow [root@localhost dgrift]# audit2why -i /var/log/audit/audit.log Traceback (most recent call last): File "/usr/bin/audit2allow", line 345, in <module> app.main() File "/usr/bin/audit2allow", line 339, in main self.__output() File "/usr/bin/audit2allow", line 286, in __output return self.__output_audit2why() File "/usr/bin/audit2allow", line 230, in __output_audit2why raise RuntimeError("Must call policy_init first") RuntimeError: Must call policy_init first Version-Release number of selected component (if applicable): policycoreutils-2.0.37-1.fc9 How reproducible: audit2allow -w -i /var/log/audit/audit.log audit2why -i /var/log/audit/audit.log Actual results: Expected results: Additional info:
That is strange. Do you have selinux-policy installed and a policy file in /etc/selinux/targeted/policy/? Are you running with targeted policy?
[dgrift@localhost ~]$ ls -alZ /etc/selinux/targeted/policy drwxr-xr-x root root system_u:object_r:policy_config_t:s0 . drwxr-xr-x root root system_u:object_r:selinux_config_t:s0 .. -rw------- root root unconfined_u:object_r:policy_config_t:s0 policy.22 [dgrift@localhost ~]$ rpm -qa | grep selinux libselinux-2.0.49-1.fc9 selinux-policy-targeted-3.2.5-18.fc9 libselinux-python-2.0.49-1.fc9 selinux-policy-3.2.5-18.fc9 selinux-policy-devel-3.2.5-18.fc9 SELinux status: enabled SELinuxfs mount: /selinux Current mode: enforcing Mode from config file: enforcing Policy version: 21 Policy from config file: targeted that is strange: sestatus reports policy.21, whilst policy.22 is installed in /etc/selinux/targeted/policy
Changing version to '9' as part of upcoming Fedora 9 GA. More information and reason for this action is here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping