Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 534682

Summary: <sys-apps/policycoreutils-2.4-r2 - sepolgen fails to generate template policy
Product: Gentoo Linux Reporter: Dan O. <dan>
Component: SELinuxAssignee: Sven Vermeulen (RETIRED) <swift>
Status: RESOLVED FIXED    
Severity: normal CC: selinux
Priority: Normal    
Version: unspecified   
Hardware: AMD64   
OS: Linux   
Whiteboard: selinux-utils
Package list:
Runtime testing required: ---

Description Dan O. 2015-01-04 18:44:35 UTC 
Using "sepolgen generate" to generate a template policy results in a python traceback, seemingly for any flag I use. I've tried --init and --application and the traceback is exactly the same. It is as follows:

Traceback (most recent call last):
  File "/usr/lib/python-exec/python2.7/sepolicy", line 643, in <module>
    args.func(args)
  File "/usr/lib/python-exec/python2.7/sepolicy", line 482, in generate
    mypolicy = policy(args.name, args.policytype)
  File "/usr/lib64/python2.7/site-packages/sepolicy/generate.py", line 196, in __init__
    self.ports = get_all_ports()
  File "/usr/lib64/python2.7/site-packages/sepolicy/generate.py", line 97, in get_all_ports
    dict[(p['low'], p['high'], p['protocol'])]=(p['type'], p['range'])
KeyError: 'range'

This error can even be reproduced for me from the manpage example. I've tried it with security in enforced and permissive to the same effect.

Reproducible: Always

Steps to Reproduce:
1. sepolicy generate --init /usr/sbin/rwhod
Actual Results:  
Python traceback as above

Expected Results:  
Policy template is generated
Comment 1 Sven Vermeulen (RETIRED) gentoo-dev 2015-02-16 15:57:30 UTC 
It looks like "sepolgen generate" assumes you are working on Fedora, for instance:

# sepolgen generate --init /usr/sbin/logoutd 
Failed to retrieve rpm info for selinux-policy
Traceback (most recent call last):
  File "/usr/lib/python-exec/python2.7/sepolicy", line 643, in <module>
    args.func(args)
  File "/usr/lib/python-exec/python2.7/sepolicy", line 517, in generate
    print mypolicy.generate(args.path)
  File "/usr/lib64/python2.7/site-packages/sepolicy/generate.py", line 1370, in generate
    out += "%s # %s\n" % (self.write_spec(out_dir), _("Spec file"))
  File "/usr/lib64/python2.7/site-packages/sepolicy/generate.py", line 1219, in write_spec
    fd.write(self.generate_spec())
  File "/usr/lib64/python2.7/site-packages/sepolicy/generate.py", line 1181, in generate_spec
    selinux_policyver = get_rpm_nvr_list("selinux-policy")[1]
TypeError: 'NoneType' object has no attribute '__getitem__'

Retrieve rpm info for selinux-policy? Really? ...

I might need to "fix" this bug by not installing/supporting sepolgen-generate...
Comment 2 Sven Vermeulen (RETIRED) gentoo-dev 2015-06-09 11:36:44 UTC 
I've sent a possible patch upstream. It looks like the RPM stuff is only for a small part of the policy generation, and with this patch things seem to work on Gentoo:

http://marc.info/?l=selinux&m=143384946920395&w=2
Comment 3 Sven Vermeulen (RETIRED) gentoo-dev 2015-08-25 16:37:01 UTC 
sys-apps/policycoreutils-2.4-r2 is now in the tree with this patch in.
Comment 4 Jason Zaman gentoo-dev 2015-11-22 10:41:27 UTC 
2.4-r2 is stable