Bug 621638 - sealert -a can't read from stdin
Summary: sealert -a can't read from stdin
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: setroubleshoot
Version: 5.5
Hardware: All
OS: Linux
low
low
Target Milestone: rc
: ---
Assignee: Daniel Walsh
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-08-05 17:43 UTC by Bart Dopheide
Modified: 2013-04-24 19:48 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-04-24 19:48:18 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)

Description Bart Dopheide 2010-08-05 17:43:25 UTC
Description of problem:


Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. sealert -a -
  
Actual results:
Traceback (most recent call last):
  File "/usr/bin/sealert", line 982, in ?
    from setroubleshoot.gui_utils import *
ImportError: No module named gui_utils


Expected results:
A decent analysis report (if entered input is OK of course)


Additional info:
I also tried the following:
[root@vti09 tmp]# sealert -a <(grep named /var/log/audit/audit.log)
  0% doneTraceback (most recent call last):
  File "/usr/lib/python2.4/site-packages/setroubleshoot/analyze.py", line 620, in task
    self.progress = float(self.n_bytes_read) / float(self.file_size)
ZeroDivisionError: float division
<sealert seems to hang...>
Probably related, but perhaps a completely different bug.

# rpm -qf $(which sealert)
setroubleshoot-server-2.0.5-5.el5
# cat /etc/redhat-release 
Red Hat Enterprise Linux Server release 5.5 (Tikanga)

Comment 1 Daniel Walsh 2010-08-05 19:06:25 UTC
Are you requesting an enhancement?

I don't believe we support this.

sealert -s /dev/stdin 

Would probably work

Comment 2 Bart Dopheide 2010-08-05 21:19:02 UTC
No, I am not requesting an enhancement. It is still a bug to me. Let me elaborate a bit.

As a first time fiddler with SELinux, I'm scanning /var/log/audit/audit.log on various RHEL5 boxes. As I was only interested in named at this time and it was too late to let setroubleshootd its job, it felt like running sealert -a on relevant audit lines would be the way to go. My initial command:

grep named /var/log/audit/audit.log | sealert -a -

As this does not work, I was stunned to find that a construction involving a regular file does work:

TMPFILE=$(mktemp /tmp/sealert.XXXXXX)
grep named /var/log/audit/audit.log > "${TMPFILE}"
sealert -a "${TMPFILE}"
/bin/rm "${TMPFILE}"

The manual page it quite clear about -a:
       -a --analyze file
              Scan a log file, analyze it’s AVC’s
It does not state that 'file' should be a regular file, so IMHO a pipe should work. But neither with '-', nor /dev/stdin, nor bash's <(command_as_named_piped) works.

I must confess that '-' might rather be a feature request, to mean 'read from stdin', but the other two should work (IMHO). Hope this clarifies my bugreport.

Comment 3 Daniel Walsh 2010-08-10 15:30:39 UTC
That is fine, but setroubleshoot is not currently an approved package for update on RHEL5.  So this bug is likely to be closed.  If you request it on RHEL6 or F13/F14 it would likely get done.

Comment 5 Milos Malik 2010-09-22 07:34:39 UTC
Following file is part of setroubleshoot package, but sealert is part of setroubleshoot-server package, which does not require setroubleshoot package:
    /usr/lib/python2.4/site-packages/setroubleshoot/gui_utils.py

Another reproducer for the same problem:
(log into an X session)
# rpm -qa setr\*
setroubleshoot-server-2.0.5-5.el5.noarch
setroubleshoot-plugins-2.0.4-2.el5.noarch
setroubleshoot-2.0.5-5.el5.noarch
# rpm -e setroubleshoot
# sealert -a /var/log/audit/audit.log.
Traceback (most recent call last):
  File "/usr/bin/sealert", line 982, in ?
    from setroubleshoot.gui_utils import *
ImportError: No module named gui_utils

There is a redundant '.' character at the end of sealert command line. This bug is not an RFE.

If both setroubleshoot and setroubleshoot-server packages are installed, you will see a graphical window with following traceback:
Opps, sealert hit an error!

Traceback (most recent call last):
  File "/usr/bin/sealert", line 968, in ?
    do_analyze_logfile(logfile, html)
  File "/usr/bin/sealert", line 824, in do_analyze_logfile
    scanner.scan_file()
  File "/usr/bin/sealert", line 804, in scan_file
    self.analyzer.open()
  File "/usr/lib/python2.4/site-packages/setroubleshoot/analyze.py", line 549, in open
    log_avc.error('%s.open()', self.__class__.__name__, e.strerror)
  File "/usr/lib64/python2.4/logging/__init__.py", line 999, in error
    apply(self._log, (ERROR, msg, args), kwargs)
  File "/usr/lib64/python2.4/logging/__init__.py", line 1079, in _log
    self.handle(record)
  File "/usr/lib64/python2.4/logging/__init__.py", line 1089, in handle
    self.callHandlers(record)
  File "/usr/lib64/python2.4/logging/__init__.py", line 1126, in callHandlers
    hdlr.handle(record)
  File "/usr/lib64/python2.4/logging/__init__.py", line 642, in handle
    self.emit(record)
  File "/usr/lib64/python2.4/logging/handlers.py", line 663, in emit
    msg = self.format(record)
  File "/usr/lib64/python2.4/logging/__init__.py", line 617, in format
    return fmt.format(record)
  File "/usr/lib64/python2.4/logging/__init__.py", line 405, in format
    record.message = record.getMessage()
  File "/usr/lib64/python2.4/logging/__init__.py", line 276, in getMessage
    msg = msg % self.args
TypeError: not all arguments converted during string formatting

Comment 6 RHEL Program Management 2010-09-22 07:46:45 UTC
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated in the
current release, Red Hat is unfortunately unable to address this
request at this time. Red Hat invites you to ask your support
representative to propose this request, if appropriate and relevant,
in the next release of Red Hat Enterprise Linux.

Comment 7 Milos Malik 2013-03-14 08:47:14 UTC
Both scenarios from comment#5 still give tracebacks.


Note You need to log in before you can comment on or make changes to this bug.