Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Invoking "Select" in "SELinux Configuration" opens a window that is immediately closed #206

Closed
Ricky-Tigg opened this issue Mar 11, 2020 · 4 comments
Closed

Invoking "Select" in "SELinux Configuration" opens a window that is immediately closed #206

Ricky-Tigg opened this issue Mar 11, 2020 · 4 comments

Comments

@Ricky-Tigg
Copy link

Ricky-Tigg commented Mar 11, 2020
edited

Component: policycoreutils-gui.noarch 2.9-5.fc31 @fedora
Environment: Wayland

Installed packages along with policycoreutils-gui, in Gnome:

gnome_search_selinux

Those icons are respectively listed in Gnome as follow:

$ gsettings get org.gnome.shell favorite-apps
['sepolicy.desktop', 'selinux-polgengui.desktop', 'system-config-selinux.desktop']
  1. A common icon is associated to different applications (SELinux Policy..., SELinux Manag..., ).

Loading from GUI SELinux Policy Management Tool (left-sided icon) opens that window (partial view):

Selinux-configuration_GUI

Associated process:

$ ps -aux | grep selinux
root       26906  0.0  0.2 244212 21140 ?        S    14:36   0:00 /usr/bin/python3 -Es /usr/share/system-config-selinux/selinux_server.py

  1. Titles of application listed by Gnome and the one of opened window resulting from that invocation do not match.

  2. Invoking Select ... opens a window that is immediately closed.

  3. Attempt to load from CLI does not open application window:

$ rpm -ql policycoreutils-gui | grep selinux.py
/usr/share/system-config-selinux/system-config-selinux.py
$ /usr/share/system-config-selinux/system-config-selinux.py
Traceback (most recent call last):
  File "/usr/share/system-config-selinux/system-config-selinux.py", line 100, in __init__
    self.add_page(booleansPage.booleansPage(xml))
  File "/usr/share/system-config-selinux/booleansPage.py", line 142, in __init__
    self.load(self.filter)
  File "/usr/share/system-config-selinux/booleansPage.py", line 212, in load
    self.booleans = seobject.booleanRecords()
  File "/usr/lib/python3.7/site-packages/seobject.py", line 2682, in __init__
    semanageRecords.__init__(self, args)
  File "/usr/lib/python3.7/site-packages/seobject.py", line 256, in __init__
    self.sh = self.get_handle(self.store)
  File "/usr/lib/python3.7/site-packages/seobject.py", line 285, in get_handle
    raise ValueError(_("SELinux policy is not managed or store cannot be accessed."))
ValueError: SELinux policy is not managed or store cannot be accessed.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/share/system-config-selinux/system-config-selinux.py", line 196, in <module>
    app = childWindow()
  File "/usr/share/system-config-selinux/system-config-selinux.py", line 108, in __init__
    self.error(e.message)
AttributeError: 'ValueError' object has no attribute 'message'
@stephensmalley
Copy link
Member

Recommend opening a bug on Fedora's bugzilla on that package/version. Not sure if this is an upstream issue but let's start there since these tools were all originally developed in Fedora and then contributed upstream.

@bachradsusi
Copy link
Member

system-config-selinux needs to be run as root. In Fedora, it's accomplished using pkexec:

^&^ cat /usr/bin/system-config-selinux
#!/usr/bin/sh

exec /usr/bin/pkexec /usr/share/system-config-selinux/system-config-selinux.py

Please run /usr/bin/system-config-selinux instead of /usr/share/system-config-selinux/system-config-selinux.py which is not in the standard PATH.

@Ricky-Tigg
Copy link
Author

Hey. That one I had run with success with the intention to launch application associated to icon SELinux Manag.... when sudo is omitted, as it was the case, Gnome prompts for password autentification.

Here is was I had get:

$ which system-config-selinux
/usr/bin/system-config-selinux
$ system-config-selinux

** (system-config-selinux.py:5417): WARNING **: 09:19:11.258: AT-SPI: Could not obtain desktop path or name


** (system-config-selinux.py:5417): WARNING **: 09:19:11.260: atk-bridge: GetRegisteredEvents returned message with unknown signature

** (system-config-selinux.py:5417): WARNING **: 09:19:11.260: atk-bridge: get_device_events_reply: unknown signature

** (system-config-selinux.py:5417): WARNING **: 09:19:11.261: atk-bridge: get_device_events_reply: unknown signature

That very application I had had the intention to launch from CLI by using ...system-config-selinux.py, was SELinux Policy Management Tool. However, an eligible path to a binary file matching sepolicy.desktop is missing as illustrated:

$ rpm -ql policycoreutils-gui
/usr/bin/selinux-polgengui
/usr/bin/system-config-selinux
[...]
/usr/share/applications/selinux-polgengui.desktop
/usr/share/applications/sepolicy.desktop
/usr/share/applications/system-config-selinux.desktop
[...]
/usr/share/system-config-selinux
[...]

bachradsusi added a commit to bachradsusi/SELinuxProject-selinux that referenced this issue Dec 8, 2022
@bachradsusi
sepolicy: Switch main selection menu to GtkPopover
8e6e6b5 
Fixes: SELinuxProject#206

Signed-off-by: Petr Lautrbach <lautrbach@redhat.com>
@bachradsusi
Copy link
Member

https://lore.kernel.org/selinux/20221208194335.479739-1-lautrbach@redhat.com/

jwcart2 pushed a commit to jwcart2/selinux that referenced this issue Dec 16, 2022
@bachradsusi @jwcart2
sepolicy: Switch main selection menu to GtkPopover
e6913ff 
Fixes: SELinuxProject#206

Signed-off-by: Petr Lautrbach <lautrbach@redhat.com>
Acked-by: James Carter <jwcart2@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@stephensmalley @bachradsusi @Ricky-Tigg