Description of problem: allow2audit -b fails with "Error parsing start date" for non-north american locales. Version-Release number of selected component (if applicable): policycoreutils-python-2.1.11-18.fc17.x86_64 How reproducible: Always. Steps to Reproduce: 1. Arrange for boot time to be after the 12th day of the month 2. LC_ALL=en_AU.UTF-8 audit2allow -b 3. Actual results: Error parsing start date (08/28/2012) Expected results: A list of suggested "allow" rules Additional info: LC_ALL=en_US.UTF-8 audit2allow -b works. It would seem that the boot date is always in mm/dd/yyyy format regardless of locale, but it is being parsed in the current locale which expects dd/mm/yyyy.
Steve does ausearch handle this properly?
Ausearch does this in main() : /* Check params and build regexpr */ setlocale (LC_ALL, ""); According to the man page: If locale is "", each part of the locale that should be modified is set according to the environment variables. So, ausearch _should_ be OK. Does policycoreutils use ausearch or libauparse?
I'm not sure what would be the equivalent as there is no "since boot" option for ausearch. I can set -te or -ts putting the date in the en_AU locale format and it works properly and it all works properly.
def get_audit_boot_msgs(): """Obtain all of the avc and policy load messages from the audit log. This function uses ausearch and requires that the current process have sufficient rights to run ausearch. Returns: string contain all of the audit messages returned by ausearch. """ import subprocess import time fd=open("/proc/uptime", "r") off=float(fd.read().split()[0]) fd.close s = time.localtime(time.time() - off) date = time.strftime("%D/%Y", s).split("/") bootdate="%s/%s/%s" % (date[0], date[1], date[3]) boottime = time.strftime("%X", s) output = subprocess.Popen(["/sbin/ausearch", "-m", "AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR", "-ts", bootdate, boottime], stdout=subprocess.PIPE).communicate()[0] return output This is the python code that we are calling.
So how about: bootdate = time.strftime("%x", s) instead of date = time.strftime("%D/%Y", s).split("/") bootdate="%s/%s/%s" % (date[0], date[1], date[3]) At least in my locale, the year is in 2 digit format, so this would fail if the boot date it before a century boundary boundary, but otherwise should work.
Fixed in policycoreutils-2.1.12-4.fc17
policycoreutils-2.1.12-4.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/policycoreutils-2.1.12-4.fc17
Package policycoreutils-2.1.12-4.fc17: * should fix your issue, * was pushed to the Fedora 17 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing policycoreutils-2.1.12-4.fc17' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-16848/policycoreutils-2.1.12-4.fc17 then log in and leave karma (feedback).
Package policycoreutils-2.1.12-5.fc17: * should fix your issue, * was pushed to the Fedora 17 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing policycoreutils-2.1.12-5.fc17' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-16848/policycoreutils-2.1.12-5.fc17 then log in and leave karma (feedback).
policycoreutils-2.1.12-5.fc17 breaks on my system. Running "audit2allow -b" results in: Error - year is 12 Tracked the problem down to the date string generated with above fix... which resulted in the following ausearch call: /sbin/ausearch -m AVC,USER_AVC,MAC_POLICY_LOAD,DAEMON_START,SELINUX_ERR -ts 12/06/12 14:45:43 My LANG environment (set on the kernel commandline and in /etc/locale.conf) is: LANG=en_US.UTF-8 Modifying the LANG to something other than UTF-8 works around the issue, eg: LANG=en_US.en_AU audit2allow -b ... works.
We have fixed this in the F18 code base.
Any chance of getting this backported? Most people probably won't discover the LANG workaround in F17...
Just check if adding these lines to /usr/bin/audit2allow fixes the problem. diff -u audit2allow /usr/bin/audit2allow --- audit2allow 2012-09-25 16:17:37.000000000 -0400 +++ /usr/bin/audit2allow 2012-12-10 11:10:12.000000000 -0500 @@ -29,6 +29,8 @@ import sepolgen.module as module from sepolgen.sepolgeni18n import _ import selinux.audit2why as audit2why +import locale +locale.setlocale(locale.LC_ALL, '') class AuditToPolicy: VERSION = "%prog .1" [Exit 1]
Yep, tried the patch and both audit2allow and audit2why work as expected.
Fixed in policycoreutils-2.1.13-27.1.fc17
policycoreutils-2.1.13-27.1.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/policycoreutils-2.1.13-27.1.fc17
Updated to 2.1.13-27.1 - audit2allow works great :) Added karma on fedoraproject.
policycoreutils-2.1.12-5.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
policycoreutils-2.1.13-27.2.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/policycoreutils-2.1.13-27.2.fc17
policycoreutils-2.1.13-27.3.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/policycoreutils-2.1.13-27.3.fc17
policycoreutils-2.1.13-27.3.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.