534682 – <sys-apps/policycoreutils-2.4-r2 - sepolgen fails to generate template policy

Bug 534682 - <sys-apps/policycoreutils-2.4-r2 - sepolgen fails to generate template policy

Summary: <sys-apps/policycoreutils-2.4-r2 - sepolgen fails to generate template policy

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	SELinux (show other bugs)
Hardware:	AMD64 Linux

Importance:	Normal normal (vote)
Assignee:	Sven Vermeulen (RETIRED)

URL:
Whiteboard:	selinux-utils
Keywords:

Depends on:
Blocks:

Reported:	2015-01-04 18:44 UTC by Dan O.
Modified:	2015-11-22 10:41 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Dan O. 2015-01-04 18:44:35 UTC

Using "sepolgen generate" to generate a template policy results in a python traceback, seemingly for any flag I use. I've tried --init and --application and the traceback is exactly the same. It is as follows:

Traceback (most recent call last):
  File "/usr/lib/python-exec/python2.7/sepolicy", line 643, in <module>
    args.func(args)
  File "/usr/lib/python-exec/python2.7/sepolicy", line 482, in generate
    mypolicy = policy(args.name, args.policytype)
  File "/usr/lib64/python2.7/site-packages/sepolicy/generate.py", line 196, in __init__
    self.ports = get_all_ports()
  File "/usr/lib64/python2.7/site-packages/sepolicy/generate.py", line 97, in get_all_ports
    dict[(p['low'], p['high'], p['protocol'])]=(p['type'], p['range'])
KeyError: 'range'

This error can even be reproduced for me from the manpage example. I've tried it with security in enforced and permissive to the same effect.

Reproducible: Always

Steps to Reproduce:
1. sepolicy generate --init /usr/sbin/rwhod
Actual Results:  
Python traceback as above

Expected Results:  
Policy template is generated

Comment 1 Sven Vermeulen (RETIRED) gentoo-dev

2015-02-16 15:57:30 UTC

It looks like "sepolgen generate" assumes you are working on Fedora, for instance:

# sepolgen generate --init /usr/sbin/logoutd 
Failed to retrieve rpm info for selinux-policy
Traceback (most recent call last):
  File "/usr/lib/python-exec/python2.7/sepolicy", line 643, in <module>
    args.func(args)
  File "/usr/lib/python-exec/python2.7/sepolicy", line 517, in generate
    print mypolicy.generate(args.path)
  File "/usr/lib64/python2.7/site-packages/sepolicy/generate.py", line 1370, in generate
    out += "%s # %s\n" % (self.write_spec(out_dir), _("Spec file"))
  File "/usr/lib64/python2.7/site-packages/sepolicy/generate.py", line 1219, in write_spec
    fd.write(self.generate_spec())
  File "/usr/lib64/python2.7/site-packages/sepolicy/generate.py", line 1181, in generate_spec
    selinux_policyver = get_rpm_nvr_list("selinux-policy")[1]
TypeError: 'NoneType' object has no attribute '__getitem__'

Retrieve rpm info for selinux-policy? Really? ...

I might need to "fix" this bug by not installing/supporting sepolgen-generate...

Comment 2 Sven Vermeulen (RETIRED) gentoo-dev

2015-06-09 11:36:44 UTC

I've sent a possible patch upstream. It looks like the RPM stuff is only for a small part of the policy generation, and with this patch things seem to work on Gentoo:

http://marc.info/?l=selinux&m=143384946920395&w=2

Comment 3 Sven Vermeulen (RETIRED) gentoo-dev

2015-08-25 16:37:01 UTC

sys-apps/policycoreutils-2.4-r2 is now in the tree with this patch in.

Comment 4 Jason Zaman gentoo-dev

2015-11-22 10:41:27 UTC

2.4-r2 is stable