Bug 868657 - semanage is segfaulting when add a local fcontext
semanage is segfaulting when add a local fcontext
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: policycoreutils (Show other bugs)
rawhide
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
: Reopened
: 868655 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-10-21 09:54 EDT by Bruno Wolff III
Modified: 2012-10-27 06:31 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-10-26 22:22:24 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
strace output (2.36 MB, text/plain)
2012-10-24 17:05 EDT, Bruno Wolff III
no flags Details
Updated strace output for checkpolicy-2.1.11-2.fc19.i686 (2.30 MB, text/plain)
2012-10-26 00:20 EDT, Bruno Wolff III
no flags Details

  None (edit)
Description Bruno Wolff III 2012-10-21 09:54:39 EDT
Description of problem:
semanage fcontext -a -t httpd_sys_content_t "/home/fedora(/.*)?"
Segmentation fault

Version-Release number of selected component (if applicable):
policycoreutils-python-2.1.13-3.fc19.i686
selinux-policy-3.11.1-41.fc18.noarch

How reproducible:
Seems to happen repeatedly.
Comment 1 Bruno Wolff III 2012-10-22 22:41:37 EDT
policycoreutils-python-2.1.13-15.fc18.i686 still has the issue.
Comment 2 Daniel Walsh 2012-10-24 15:14:20 EDT
Strange I am not seeing this.

# semanage fcontext -a -t httpd_sys_content_t "/home/fedora(/.*)?"
#
What does 

semanage fcontext -l -C
SELinux fcontext                                   type               Context

/home/fedora(/.*)?                                 all files          system_u:object_r:httpd_sys_content_t:s0 
/sda3(/.*)?                                        all files          system_u:object_r:svirt_t:s0 
/test/symlinked/file                               regular file       system_u:object_r:httpd_sys_content_t:s0 
/usr/lib/libreoffice(/.*)?/bin(/.*)?               all files          system_u:object_r:bin_t:s0 

SELinux Local fcontext Equivalence 

/opt/rh/ruby-1.0 = /

Say?
Comment 3 Bruno Wolff III 2012-10-24 16:27:00 EDT
On the system with problem no output is returned:
[root@bruno bruno]# semanage fcontext -l -C
[root@bruno bruno]#
Comment 4 Daniel Walsh 2012-10-24 16:32:38 EDT
rpm -q libsemanage

Also can you get me the strace, so I have some idea where this is happening?
Comment 5 Bruno Wolff III 2012-10-24 16:41:19 EDT
libsemanage-2.1.9-1.fc19.i686

How do I get the strace? Usually python stuff just prints one when it crashes.
Comment 6 Daniel Walsh 2012-10-24 16:46:57 EDT
strace -o /tmp/strace.out semanage fcontext -d -t httpd_sys_content_t "/home/fedora(/.*)?"
Comment 7 Bruno Wolff III 2012-10-24 17:01:42 EDT
When I use -d instead of -a I just get a normal error message. Running strace didn't seem to help.
[root@bruno bruno]# strace -o /tmp/strace.out semanage fcontext -d -t httpd_sys_content_t "/home/fedora(/.*)?"
/usr/sbin/semanage: File context for /home/fedora(/.*)? is not defined
[root@bruno bruno]# strace -o /tmp/strace.out semanage fcontext -a -t httpd_sys_content_t "/home/fedora(/.*)?"
Segmentation fault
[root@bruno bruno]#
Comment 8 Bruno Wolff III 2012-10-24 17:05:01 EDT
Created attachment 633043 [details]
strace output

That was dumb. I didn't read the command to see that the output was stuff in /tmp. I have attached what i think you are looking for.
Comment 9 Miroslav Grepl 2012-10-25 04:58:52 EDT
*** Bug 868655 has been marked as a duplicate of this bug. ***
Comment 10 Daniel Walsh 2012-10-25 13:59:13 EDT
I just noticed that you are running F19 builds.  I did not know f19 had a newer build.  I will rebuild the latest into Rawhide.  I guess it is time I moved on to Rawhide.

Fixed in policycoreutils-2.1.13-16.fc19 (I hope)
Comment 11 Bruno Wolff III 2012-10-25 15:51:49 EDT
I am still getting a segfault with policycoreutils-2.1.13-17.fc19.i686. I need to run now, but I'll get an strace late tonight and also see if the minimum policy installs without error.
Comment 12 Daniel Walsh 2012-10-25 16:26:14 EDT
rpm -q libsepol libselinux
Comment 13 Daniel Walsh 2012-10-25 16:30:23 EDT
Building new versions of libselinux, libsepol and checkpolicy
Comment 14 Bruno Wolff III 2012-10-26 00:03:32 EDT
bash-4.2$ rpm -q libsepol libselinux
libsepol-2.1.8-2.fc19.i686
libselinux-2.1.12-1.fc19.i686

I'm working on doing the checkpolicy update now.
Comment 15 Bruno Wolff III 2012-10-26 00:20:26 EDT
Created attachment 633632 [details]
Updated strace output for checkpolicy-2.1.11-2.fc19.i686

The problem still happens with checkpolicy-2.1.11-2.fc19.i686.
Comment 16 Bruno Wolff III 2012-10-26 00:26:47 EDT
I'm still seeing:
Installing : selinux-policy-minimum-3.11.1-43.fc18.noarch                 1/1 
libsepol.sepol_context_from_string: malformed context "" (Invalid argument).
libsepol.sepol_context_from_string: could not construct context from string (Invalid argument).
libsepol.sepol_context_from_string: malformed context "" (Invalid argument).
libsepol.sepol_context_from_string: could not construct context from string (Invalid argument).
when reinstalling selinux-policy-minimum (the duplicate bug, 868655).
Comment 17 Bruno Wolff III 2012-10-26 16:05:13 EDT
With policycoreutils-2.1.13-18.fc19.i686 selinux-policy-minimum-3.11.1-43.fc18.noarch re-installs cleanly, but I am still seeing a segfault when trying to add a context pattern with semanage.
Comment 18 Bruno Wolff III 2012-10-26 22:22:24 EDT
After upgrading to selinux-policy-3.11.1-46.fc18.noarch (and corresponding subpackages) I can now add local context rules. It's odd that this fixed this, but my immediate problem is resolved.
Comment 19 Daniel Walsh 2012-10-27 06:31:58 EDT
I have no idea.  Bruno thanks for your patience.  I am trying to upgrade to rawhide and for some reason yum is blowing up, leaving me half way there.  If you have more problems reopen the bug.

Note You need to log in before you can comment on or make changes to this bug.