987369 – semanage fcontext: value error

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 987369 - semanage fcontext: value error

Summary: semanage fcontext: value error

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	policycoreutils
Sub Component:
Version:	7.0
Hardware:	All
OS:	Linux
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Daniel Walsh
QA Contact:	Michal Trunecka
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	883874 1080147
TreeView+	depends on / blocked

Reported:	2013-07-23 10:19 UTC by michal novacek
Modified:	2014-09-30 23:35 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2014-06-13 12:28:38 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)
First quick test for semanage. (2.11 KB, text/x-python) 2013-07-24 16:04 UTC, Daniel Walsh	no flags	Details
Updated test-semanage.py patch (8.67 KB, text/x-python) 2013-07-26 16:24 UTC, Daniel Walsh	no flags	Details
Show Obsolete (1) View All

Description michal novacek 2013-07-23 10:19:45 UTC

Description of problem:
Trying to change context of newly created directory causes error. Marking
regression as this had worked in previous rhel7 snapshot (7.0-20130708.n.0).

Version-Release number of selected component (if applicable):
policycoreutils-python-2.1.14-66.el7.x86_64
RHEL-7.0-20130722.n.0

How reproducible: always

Steps to Reproduce:
1. mkdir -p /ha-web/0 /ha-web/1 
2. semanage fcontext -a -t httpd_sys_content_t "/ha-web(/.*)?"

Actual results: error, nothing changed

Expected results: changed context

Additional info:
[root@virt-006 ~]# ls -lRZ /ha-web
/ha-web:
drwxr-xr-x. root root system_u:object_r:default_t:s0   0
drwxr-xr-x. root root system_u:object_r:default_t:s0   1

/ha-web/0:

/ha-web/1:

# semanage fcontext -a -t httpd_sys_content_t "/ha-web(/.*)?"
libsepol.context_from_record: user s0 is not defined (No such file or directory).
libsepol.context_from_record: could not create context structure (Invalid argument).
libsemanage.validate_handler: invalid context s0:object_r:httpd_sys_content_t:None specified for /ha-web(/.*)? [all files] (Invalid argument).
libsemanage.dbase_llist_iterate: could not iterate over records (Invalid argument).
ValueError: Could not commit semanage transaction

Comment 3 Milos Malik 2013-07-23 10:53:58 UTC

Could you please install the latest version of policycoreutils packages ( https://brewweb.devel.redhat.com/buildinfo?buildID=282785 ) and re-run your scenario?

Comment 4 michal novacek 2013-07-24 08:34:33 UTC

Error still stands but is slightly different:

# rpm -q policycoreutils
policycoreutils-2.1.14-67.el7.x86_64

# semanage fcontext -a -t httpd_sys_content_t "/ha-web(/.*)?"
libsepol.mls_from_string: invalid MLS context None (No such file or directory).
libsepol.mls_from_string: could not construct mls context structure (No such file or directory).
libsepol.context_from_record: could not create context structure (Invalid argument).
libsemanage.validate_handler: invalid context system_u:object_r:httpd_sys_content_t:None specified for /ha-web(/.*)? [all files] (Invalid argument).
libsemanage.dbase_llist_iterate: could not iterate over records (Invalid argument).
ValueError: Could not commit semanage transaction

Comment 5 Michal Trunecka 2013-07-24 09:39:56 UTC

I can confirm the bug is still present in current version:
policycoreutils-2.1.14-68.el7.x86_64

Comment 6 Daniel Walsh 2013-07-24 16:03:45 UTC

Miroslav we need the unit test suite for semanage...

Fixed in policycoreutils-2.1.14-69

Comment 7 Daniel Walsh 2013-07-24 16:04:33 UTC

Created attachment 777854 [details]
First quick test for semanage.

Anyone wanting to add additional test would be great.

Comment 8 michal novacek 2013-07-25 13:46:10 UTC

I installed the policycoreutils of the recommended version but it still does
not work for me:

# rpm -q policycoreutils
policycoreutils-2.1.14-69.el7.x86_64

# python /tmp/test-semanage.py 
SELinux must be in enforcing mode for this test

# setenforce 1

# python /tmp/test-semanage.py 
Verify semanage export -f /tmp/out
Verify semanage import -f /tmp/out
..Verify semanage login -l works
Verify semanage user -l works
Verify semanage port -l works
Verify semanage interface -l works
Verify semanage node -l works
Verify semanage fcontext -l works
Verify semanage boolean -l works
.
----------------------------------------------------------------------
Ran 3 tests in 44.634s

OK

# semanage fcontext -a -t httpd_sys_content_t "/ha-web(/.*)?"
libsepol.mls_from_string: invalid MLS context None (No such file or directory).
libsepol.mls_from_string: could not construct mls context structure (No such file or directory).
libsepol.context_from_record: could not create context structure (Invalid argument).
libsemanage.validate_handler: invalid context system_u:object_r:httpd_sys_content_t:None specified for /ha-web(/.*)? [all files] (Invalid argument).
libsemanage.dbase_llist_iterate: could not iterate over records (Invalid argument).
ValueError: Could not commit semanage transaction

Comment 9 Daniel Walsh 2013-07-26 16:24:15 UTC

Created attachment 778826 [details]
Updated test-semanage.py patch

Comment 10 Daniel Walsh 2013-07-26 16:24:53 UTC

policycoreutils-2.1.14-70.el7 works with latest test-suite.

Comment 11 michal novacek 2013-07-29 13:20:26 UTC

I confirm that policycoreutils-2.1.14-70.el7 solves the issue.

Comment 12 Milos Malik 2013-08-06 07:42:48 UTC

Either "all files" or "" should not be there, because they are described as synonyms:

# semanage fcontext --help 2>&1 | grep "all files"
  -f {all files,"",--,-d,-c,-b,-s,-l,-p}, --ftype {all files,"",--,-d,-c,-b,-s,-l,-p}
                        "" (all files),-- (regular file),-d (directory),-c
# semanage fcontext -a -f "" -t tmp_t /pokus
usage: semanage fcontext [-h] [-n] [-N] [-s STORE] [ --add ( -t TYPE -f FTYPE -r RANGE -s SEUSER | -e EQUAL ) FILE_SPEC ) | --delete ( -t TYPE -f FTYPE | -e EQUAL ) FILE_SPEC ) | --deleteall  | --extract  | --list -C | --modify ( -t TYPE -f FTYPE -r RANGE -s SEUSER | -e EQUAL ) FILE_SPEC ) ]
semanage fcontext: error: argument -f/--ftype: invalid choice: '' (choose from 'all files', '""', '--', '-d', '-c', '-b', '-s', '-l', '-p')
# semanage fcontext -a -f '' -t tmp_t /pokus
usage: semanage fcontext [-h] [-n] [-N] [-s STORE] [ --add ( -t TYPE -f FTYPE -r RANGE -s SEUSER | -e EQUAL ) FILE_SPEC ) | --delete ( -t TYPE -f FTYPE | -e EQUAL ) FILE_SPEC ) | --deleteall  | --extract  | --list -C | --modify ( -t TYPE -f FTYPE -r RANGE -s SEUSER | -e EQUAL ) FILE_SPEC ) ]
semanage fcontext: error: argument -f/--ftype: invalid choice: '' (choose from 'all files', '""', '--', '-d', '-c', '-b', '-s', '-l', '-p')
# semanage fcontext -a -f '""' -t tmp_t /pokus
KeyError: ""
# semanage fcontext -a -f "''" -t tmp_t /pokus
usage: semanage fcontext [-h] [-n] [-N] [-s STORE] [ --add ( -t TYPE -f FTYPE -r RANGE -s SEUSER | -e EQUAL ) FILE_SPEC ) | --delete ( -t TYPE -f FTYPE | -e EQUAL ) FILE_SPEC ) | --deleteall  | --extract  | --list -C | --modify ( -t TYPE -f FTYPE -r RANGE -s SEUSER | -e EQUAL ) FILE_SPEC ) ]
semanage fcontext: error: argument -f/--ftype: invalid choice: "''" (choose from 'all files', '""', '--', '-d', '-c', '-b', '-s', '-l', '-p')
#

Comment 13 Daniel Walsh 2013-08-06 13:07:47 UTC

Removed comments about "" and "all files" from semanage fcontext -a -f in  policycoreutils-2.1.14-72.el7

Comment 15 Ludek Smid 2014-06-13 12:28:38 UTC

This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.

Note You need to log in before you can comment on or make changes to this bug.