When invoking a semanage command, some of the commands fail with an error about 'audit' not being defined. For instance, when declaring a file context: ~# semanage fcontext -a -t swapfile_t /infratest_swapfile Traceback (most recent call last): File "/usr/lib/python-exec/python2.7/semanage", line 933, in do_parser() File "/usr/lib/python-exec/python2.7/semanage", line 912, in do_parser args.func(args) File "/usr/lib/python-exec/python2.7/semanage", line 364, in handleFcontext OBJECT.add(args.file_spec, args.type, args.ftype, args.range, args.seuser) File "/usr/lib64/python2.7/site-packages/seobject.py", line 1933, in add self.__add(target, type, ftype, serange, seuser) File "/usr/lib64/python2.7/site-packages/seobject.py", line 1929, in __add self.mylog.log_change("resrc=fcontext op=add %s ftype=%s tcontext=%s:%s:%s:%s" % (audit.audit_encode_nv_string("tglob", target, 0), ftype_to_audit[ftype], seuser, "object_r", type, serange)) NameError: global name 'audit' is not defined This error occurs both with USE="audit" as well as USE="-audit".
The seobject.py file seems to require audit.py, offered by sys-process/audit[python]. A few observations: (1.) sys-process/policycoreutils[audit] does not pull in sys-process/audit[python], something that probably needs to be fixed (2.) there is audit-related code in seobject.py that is wrapped in a try...except block. The audit code where this failure occurs is outside this wrapped code, it was perhaps added later on and did not reflect on the non-audit usage. If sys-process/audit is installed, with USE="python", then this problem (global name 'audit' is not defined) no longer occurs.
The audit[python] dependency is now in policycoreutils-2.6-r1 (~arch). However, the other issue (as we need to support it with USE="-audit" as well) is not resolved yet. Is reported upstream, might only be fixed in later versions.
