468830 – <sys-apps/policycoreutils-2.1.14-r2 sepolicy seems to depend on MLS

Bug 468830 - <sys-apps/policycoreutils-2.1.14-r2 sepolicy seems to depend on MLS

Summary: <sys-apps/policycoreutils-2.1.14-r2 sepolicy seems to depend on MLS

Status:	VERIFIED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	SELinux (show other bugs)
Hardware:	All Linux

Importance:	Normal normal (vote)
Assignee:	Sven Vermeulen (RETIRED)

URL:
Whiteboard:	selinux-utils
Keywords:

Depends on:
Blocks:

Reported:	2013-05-07 08:24 UTC by Sven Vermeulen (RETIRED)
Modified:	2013-06-16 18:25 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sven Vermeulen (RETIRED) gentoo-dev

2013-05-07 08:24:28 UTC

When asking sepolicy to get any information, a backtrace is shown:

"""
  File "/usr/bin/sepolicy-2.7", line 63, in __call__
    from sepolicy.network import domains
  File "/usr/lib64/python2.7/site-packages/sepolicy/network.py", line 44, in <module>
    portrecs, portrecsbynum = _gen_port_dict()
  File "/usr/lib64/python2.7/site-packages/sepolicy/network.py", line 31, in _gen_port_dict
    for i in info(sepolicy.PORT):
  File "/usr/lib64/python2.7/site-packages/sepolicy/__init__.py", line 182, in info
    dict_list = _policy.info(setype, name)
RuntimeError: No such file or directory
"""

This is because the _policy code (policy.c) calls the wrap_info() (info.c), which calls info(), which calls get_ports().

The get_ports() eventually does the following check:
"""
if((range = apol_context_get_range(c)) == NULL)
  goto err;
"""

As a result, systems with no MLS support (like the targeted and strict that we use) break.

Reproducible: Always

Comment 1 Sven Vermeulen (RETIRED) gentoo-dev

2013-05-07 09:36:23 UTC

In main tree, ~arch'ed

Comment 2 Sven Vermeulen (RETIRED) gentoo-dev

2013-06-16 18:25:42 UTC

Stabilized