Bug 528655 - policygentool does not react on user inputs
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: selinux-policy
Version: 5.4
Hardware: All Linux
Priority: medium, Severity: medium
Target Milestone: rc
Target Release: ---
Assigned To: Daniel Walsh
QA Contact: BaseOS QE
Duplicates: 531982
Reported: 2009-10-13 04:36 EDT by Milos Malik
Modified: 2009-12-21 07:05 EST
Doc Type: Bug Fix
Last Closed: 2009-10-15 14:36:46 EDT
Description Milos Malik 2009-10-13 04:36:06 EDT
Description of problem:


Version-Release number of selected component (if applicable):
selinux-policy-devel-2.4.6-255.el5

How reproducible:
always

Steps to Reproduce:
1) /usr/share/selinux/devel/policygentool ls /bin/ls
2) hit ENTER
3) enter any number and hit ENTER
4) policygentool prints the following:
                What type of application are you trying to confine?
                1. Standard Init Daemon
                2. Internet Services Daemon (inetd)
                3  Web Application/Script (cgi)
                4  User Application
5) repeat steps 3,4
  
Actual results:
you can see the first question only

Expected results:
you can see other questions too

Additional info:
Comment 1 Milos Malik 2009-10-13 04:42:30 EDT
# diff /usr/share/selinux/devel/policygentool /usr/share/selinux/devel/policygentool.orig 
75,76c75,76
<               if input > "0" and input < "5":
<                       type = int(input)
---
>               if input > "0" and input < 5:
>                       type = int(type)
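
Review bot: In the corrected condition `if input > "0" and input < "5":` (the `<` side, since the diff is taken against policygentool.orig) the range check is still a string comparison, so it is lexicographic rather than numeric. An entry such as `10` or `4x` satisfies it, after which `type = int(input)` either stores a value outside the 1-4 menu or raises ValueError. Convert first and compare integers: wrap `int(input)` in a try/except for ValueError, accept the result only when it lies between 1 and 4, and re-prompt otherwise. Separately, `input` and `type` shadow Python builtins; distinct names for the answer and the application type would avoid that.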

This fix works for me.
Comment 2 Milos Malik 2009-10-13 06:06:55 EDT
Even if comment #1 fix is present, policygentool prints traceback:

# /usr/share/selinux/devel/policygentool ls /bin/ls

This tool generate three files for policy development, A Type Enforcement (te)
file, a File Context (fc), and a Interface File(if).  Most of the policy rules
will be written in the te file.  Use the File Context file to associate file
paths with security context.  Use the interface rules to allow other protected
domains to interact with the newly defined domains.

After generating these files use the /usr/share/selinux/devel/Makefile to
compile your policy package.  Then use the semodule tool to load it.

# /usr/share/selinux/devel/policygentool myapp /usr/bin/myapp
# make -f /usr/share/selinux/devel/Makefile
# semodule -i myapp.pp
# restorecon -R -v /usr/bin/myapp "all files defined in myapp.fc"

Now you can turn on permissive mode, start your application and avc messages
will be generated.  You can use audit2allow to help translate the avc messages
into policy.

# setenforce 0
# service myapp start
# audit2allow -R -i /var/log/audit/audit.log

Return to continue:


                What type of application are you trying to confine?
                1. Standard Init Daemon
                2. Internet Services Daemon (inetd)
                3  Web Application/Script (cgi)
                4  User Application

4
If the module uses pidfiles, what is the pidfile called?

If the module uses logfiles, where are they stored?

If the module has var/lib files, where are they stored?

Does the module have a init script? [yN]
n
Does the module use the network? [yN]
n
Traceback (most recent call last):
  File "/usr/share/selinux/devel/policygentool", line 108, in ?
    gen_policy(
NameError: name 'gen_policy' is not defined
# echo $?
1
Comment 3 Daniel Walsh 2009-10-13 10:20:03 EDT
Could you use /usr/share/system-config-selinux/polgengui.py?

This is the preferred way and this tool is going away.
Comment 4 Milos Malik 2009-10-13 10:48:45 EDT
/usr/share/system-config-selinux/polgengui.py works fine. Thanks for the advice.
Comment 5 Daniel Walsh 2009-10-15 14:36:46 EDT
Since there is a better workaround, won't fix, and removed from the next release.
Comment 6 Miroslav Grepl 2009-12-21 07:05:35 EST
*** Bug 531982 has been marked as a duplicate of this bug. ***
