Using "sepolgen generate" to generate a template policy results in a python traceback, seemingly for any flag I use. I've tried --init and --application and the traceback is exactly the same. It is as follows:
    Traceback (most recent call last):
      File "/usr/lib/python-exec/python2.7/sepolicy", line 643, in <module>
        args.func(args)
      File "/usr/lib/python-exec/python2.7/sepolicy", line 482, in generate
        mypolicy = policy(args.name, args.policytype)
      File "/usr/lib64/python2.7/site-packages/sepolicy/generate.py", line 196, in __init__
        self.ports = get_all_ports()
      File "/usr/lib64/python2.7/site-packages/sepolicy/generate.py", line 97, in get_all_ports
        dict[(p['low'], p['high'], p['protocol'])]=(p['type'], p['range'])
    KeyError: 'range'
This error can even be reproduced for me from the manpage example. I've tried it with security in enforced and permissive to the same effect.
Reproducible: Always
Steps to Reproduce:
1. sepolicy generate --init /usr/sbin/rwhod
Actual Results: Python traceback as above
Expected Results: Policy template is generated
It looks like "sepolgen generate" assumes you are working on Fedora, for instance:
    # sepolgen generate --init /usr/sbin/logoutd
    Failed to retrieve rpm info for selinux-policy
    Traceback (most recent call last):
      File "/usr/lib/python-exec/python2.7/sepolicy", line 643, in <module>
        args.func(args)
      File "/usr/lib/python-exec/python2.7/sepolicy", line 517, in generate
        print mypolicy.generate(args.path)
      File "/usr/lib64/python2.7/site-packages/sepolicy/generate.py", line 1370, in generate
        out += "%s # %s\n" % (self.write_spec(out_dir), _("Spec file"))
      File "/usr/lib64/python2.7/site-packages/sepolicy/generate.py", line 1219, in write_spec
        fd.write(self.generate_spec())
      File "/usr/lib64/python2.7/site-packages/sepolicy/generate.py", line 1181, in generate_spec
        selinux_policyver = get_rpm_nvr_list("selinux-policy")[1]
    TypeError: 'NoneType' object has no attribute '__getitem__'
Retrieve rpm info for selinux-policy? Really? ... I might need to "fix" this bug by not installing/supporting sepolgen-generate...
I've sent a possible patch upstream. It looks like the RPM stuff is only for a small part of the policy generation, and with this patch things seem to work on Gentoo: http://marc.info/?l=selinux&m=143384946920395&w=2
sys-apps/policycoreutils-2.4-r2 is now in the tree with this patch in.
2.4-r2 is stable