When invoking a semanage command, some of the commands fail with an error about 'audit' not being defined. For instance, when declaring a file context:
~# semanage fcontext -a -t swapfile_t /infratest_swapfile
Traceback (most recent call last):
File "/usr/lib/python-exec/python2.7/semanage", line 933, in
File "/usr/lib/python-exec/python2.7/semanage", line 912, in do_parser
File "/usr/lib/python-exec/python2.7/semanage", line 364, in handleFcontext
OBJECT.add(args.file_spec, args.type, args.ftype, args.range, args.seuser)
File "/usr/lib64/python2.7/site-packages/seobject.py", line 1933, in add
self.__add(target, type, ftype, serange, seuser)
File "/usr/lib64/python2.7/site-packages/seobject.py", line 1929, in __add
self.mylog.log_change("resrc=fcontext op=add %s ftype=%s tcontext=%s:%s:%s:%s" % (audit.audit_encode_nv_string("tglob", target, 0), ftype_to_audit[ftype], seuser, "object_r", type, serange))
NameError: global name 'audit' is not defined
This error occurs both with USE="audit" as well as USE="-audit".
The seobject.py file seems to require audit.py, offered by sys-process/audit[python]. A few observations:
(1.) sys-process/policycoreutils[audit] does not pull in sys-process/audit[python], something that probably needs to be fixed
(2.) there is audit-related code in seobject.py that is wrapped in a try...except block. The audit code where this failure occurs is outside this wrapped code, it was perhaps added later on and did not reflect on the non-audit usage.
If sys-process/audit is installed, with USE="python", then this problem (global name 'audit' is not defined) no longer occurs.
The audit[python] dependency is now in policycoreutils-2.6-r1 (~arch).
However, the other issue (as we need to support it with USE="-audit" as well) is not resolved yet. Is reported upstream, might only be fixed in later versions.