Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[semanage] [python-sepol] semanage crashes on systems without policy #81

Closed
schmittlauch opened this issue Feb 26, 2018 · 7 comments
Closed

[semanage] [python-sepol] semanage crashes on systems without policy #81

schmittlauch opened this issue Feb 26, 2018 · 7 comments

Comments

@schmittlauch
Copy link

schmittlauch commented Feb 26, 2018
edited

The semanage tool crashes on systems without installed policies:

# semanage
Traceback (most recent call last):
  File "/usr/sbin/semanage", line 28, in <module>
    import seobject
  File "/usr/lib/python3.4/site-packages/seobject.py", line 1039, in <module>
    class portRecords(semanageRecords):
  File "/usr/lib/python3.4/site-packages/seobject.py", line 1041, in portRecords
    valid_types = list(list(sepolicy.info(sepolicy.ATTRIBUTE, "port_type"))[0]["types"])
  File "/usr/lib/python3.4/site-packages/sepolicy/__init__.py", line 196, in <genexpr>
    return ({
  File "/usr/lib/python3.4/site-packages/setools/typeattrquery.py", line 65, in results
    for attr in self.policy.typeattributes():
AttributeError: 'NoneType' object has no attribute 'typeattributes'

This is caused by sepol (the python module) setting the global _pol variable to None – something setools.TypeAttributeQuery can't deal with.

platform details:

python3-modules used with python-3.4.3
distribution: mer
libselinux/ libsepol/ libsemanage/ policycoreutils: v2.7
python3-setools: 4.1.1

disclaimer: policycoreutils and setools are customly packaged, this is a possible (but unlikely) error source
@stephensmalley
Copy link
Member

Reproduced upstream, e.g. just mv /etc/selinux /etc/selinux.old and try running semanage as above.

@fishilico
Copy link
Member

This behavior is mainly due to having valid_types = list(list(sepolicy.info(... in class definitions instead of having them in class constructors (in seobject.py). This makes it harder to catch the fact that no policy is loaded.
I suggest moving the valid_types definitions to class constructors, to give importers of seobject.py the possibility to display a nice error message if no policy is loaded (or to specify a policy to be loaded).
What do you think of this?

fishilico added a commit to fishilico/selinux that referenced this issue Aug 4, 2018
@fishilico
[WIP] python/semanage: move valid_types initialisations to class cons…
00eb0cc 
…tructors

This is to allow running "semanage" without triggering a stack trace
like in https://github.com/SELinuxProject/selinux SELinuxProject/issues/81.

TODO: gui/ uses seobject.portRecords several times. The result could be
cached, in a class attribute
TODO: IB data does not use sepolicy but reloads the policy !?!

Not-yet-Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
fishilico added a commit to fishilico/selinux that referenced this issue Aug 4, 2018
@fishilico
[WIP] python/semanage: move valid_types initialisations to class cons…
17620e3 
…tructors

This is to allow running "semanage" without triggering a stack trace
like in https://github.com/SELinuxProject/selinux SELinuxProject/issues/81.

TODO: gui/ uses seobject.portRecords several times. The result could be
cached, in a class attribute
TODO: IB data does not use sepolicy but reloads the policy !?!

Not-yet-Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
fishilico added a commit to fishilico/selinux that referenced this issue Aug 6, 2018
@fishilico
[WIP] python/semanage: move valid_types initialisations to class cons…
1d66085 
…tructors

This is to allow running "semanage" without triggering a stack trace
like in https://github.com/SELinuxProject/selinux SELinuxProject/issues/81.

TODO: gui/ uses seobject.portRecords several times. The result could be
cached, in a class attribute
TODO: IB data does not use sepolicy but reloads the policy !?!

Not-yet-Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
fishilico added a commit to fishilico/selinux that referenced this issue Aug 15, 2018
@fishilico
[WIP] python/semanage: move valid_types initialisations to class cons…
f8ab2c2 
…tructors

This is to allow running "semanage" without triggering a stack trace
like in https://github.com/SELinuxProject/selinux SELinuxProject/issues/81.

TODO: gui/ uses seobject.portRecords several times. The result could be
cached, in a class attribute
TODO: IB data does not use sepolicy but reloads the policy !?!

Not-yet-Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
fishilico added a commit to fishilico/selinux that referenced this issue Aug 15, 2018
@fishilico
[WIP] python/semanage: move valid_types initialisations to class cons…
9d5019d 
…tructors

This is to allow running "semanage" without triggering a stack trace
like in https://github.com/SELinuxProject/selinux SELinuxProject/issues/81.

TODO: gui/ uses seobject.portRecords several times. The result could be
cached, in a class attribute
TODO: IB data does not use sepolicy but reloads the policy !?!

Not-yet-Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
fishilico added a commit to fishilico/selinux that referenced this issue Aug 18, 2018
@fishilico
[WIP] python/semanage: move valid_types initialisations to class cons…
f132610 
…tructors

This is to allow running "semanage" without triggering a stack trace
like in https://github.com/SELinuxProject/selinux SELinuxProject/issues/81.

TODO: gui/ uses seobject.portRecords several times. The result could be
cached, in a class attribute
TODO: IB data does not use sepolicy but reloads the policy !?!

Not-yet-Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
fishilico added a commit to fishilico/selinux that referenced this issue Aug 19, 2018
@fishilico
[WIP] python/semanage: move valid_types initialisations to class cons…
6941a11 
…tructors

This is to allow running "semanage" without triggering a stack trace
like in https://github.com/SELinuxProject/selinux SELinuxProject/issues/81.

TODO: gui/ uses seobject.portRecords several times. The result could be
cached, in a class attribute
TODO: IB data does not use sepolicy but reloads the policy !?!

Not-yet-Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
fishilico added a commit to fishilico/selinux that referenced this issue Aug 22, 2018
@fishilico
[WIP] python/semanage: move valid_types initialisations to class cons…
2e16d46 
…tructors

This is to allow running "semanage" without triggering a stack trace
like in https://github.com/SELinuxProject/selinux SELinuxProject/issues/81.

TODO: gui/ uses seobject.portRecords several times. The result could be
cached, in a class attribute
TODO: IB data does not use sepolicy but reloads the policy !?!

Not-yet-Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
bachradsusi added a commit to fedora-selinux/selinux that referenced this issue Dec 18, 2018
@bachradsusi
python/semanage: import sepolicy only when it's needed
b5fe76f 
Related:
SELinuxProject/selinux#81

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
@bachradsusi bachradsusi reopened this Dec 20, 2018
bachradsusi added a commit to bachradsusi/SELinuxProject-selinux that referenced this issue Dec 20, 2018
@bachradsusi
python/semanage: move valid_types initialisations to class constructors
8c3ce4a 
Based on idea from Nicolas Iooss <nicolas.iooss@m4x.org>

Fixes:
$ sudo semanage
Traceback (most recent call last):
  File "/usr/sbin/semanage", line 28, in <module>
    import seobject
  File "/usr/lib/python3.7/site-packages/seobject.py", line 1045, in <module>
    class portRecords(semanageRecords):
  File "/usr/lib/python3.7/site-packages/seobject.py", line 1047, in portRecords
    valid_types = list(list(sepolicy.info(sepolicy.ATTRIBUTE, "port_type"))[0]["types"])
  File "/usr/lib/python3.7/site-packages/sepolicy/__init__.py", line 203, in <genexpr>
    return ({
  File "/usr/lib64/python3.7/site-packages/setools/typeattrquery.py", line 65, in results
    for attr in self.policy.typeattributes():
AttributeError: 'NoneType' object has no attribute 'typeattributes'

SELinuxProject#81

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
bachradsusi added a commit to bachradsusi/SELinuxProject-selinux that referenced this issue Dec 20, 2018
@bachradsusi
python/semanage: import sepolicy only when it's needed
e03dffb 
Related:
SELinuxProject#81

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
@bachradsusi bachradsusi mentioned this issue Dec 20, 2018
Closed
fishilico pushed a commit to fishilico/selinux that referenced this issue Dec 20, 2018
@bachradsusi @fishilico
python/semanage: move valid_types initialisations to class constructors
0dd16bb 
Based on idea from Nicolas Iooss <nicolas.iooss@m4x.org>

Fixes:
$ sudo semanage
Traceback (most recent call last):
  File "/usr/sbin/semanage", line 28, in <module>
    import seobject
  File "/usr/lib/python3.7/site-packages/seobject.py", line 1045, in <module>
    class portRecords(semanageRecords):
  File "/usr/lib/python3.7/site-packages/seobject.py", line 1047, in portRecords
    valid_types = list(list(sepolicy.info(sepolicy.ATTRIBUTE, "port_type"))[0]["types"])
  File "/usr/lib/python3.7/site-packages/sepolicy/__init__.py", line 203, in <genexpr>
    return ({
  File "/usr/lib64/python3.7/site-packages/setools/typeattrquery.py", line 65, in results
    for attr in self.policy.typeattributes():
AttributeError: 'NoneType' object has no attribute 'typeattributes'

SELinuxProject#81

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
fishilico pushed a commit to fishilico/selinux that referenced this issue Dec 20, 2018
@bachradsusi @fishilico
python/semanage: import sepolicy only when it's needed
56d1465 
Related:
SELinuxProject#81

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
bachradsusi added a commit to bachradsusi/selinux that referenced this issue Jan 3, 2019
@bachradsusi
python/semanage: move valid_types initialisations to class constructors
fbaa564 
Based on idea from Nicolas Iooss <nicolas.iooss@m4x.org>

Fixes:
$ sudo semanage
Traceback (most recent call last):
  File "/usr/sbin/semanage", line 28, in <module>
    import seobject
  File "/usr/lib/python3.7/site-packages/seobject.py", line 1045, in <module>
    class portRecords(semanageRecords):
  File "/usr/lib/python3.7/site-packages/seobject.py", line 1047, in portRecords
    valid_types = list(list(sepolicy.info(sepolicy.ATTRIBUTE, "port_type"))[0]["types"])
  File "/usr/lib/python3.7/site-packages/sepolicy/__init__.py", line 203, in <genexpr>
    return ({
  File "/usr/lib64/python3.7/site-packages/setools/typeattrquery.py", line 65, in results
    for attr in self.policy.typeattributes():
AttributeError: 'NoneType' object has no attribute 'typeattributes'

SELinuxProject/selinux#81

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
bachradsusi added a commit to bachradsusi/selinux that referenced this issue Jan 3, 2019
@bachradsusi
python/semanage: import sepolicy only when it's needed
a5bf592 
Related:
SELinuxProject/selinux#81

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
@bachradsusi
Copy link
Member

I should probably drop the reference to this issue from my working commits in order to prevent another automatic closing. Sorry for the noise.

@bachradsusi bachradsusi reopened this Jan 4, 2019
fishilico pushed a commit to fishilico/selinux that referenced this issue Jan 5, 2019
@bachradsusi @fishilico
python/semanage: move valid_types initialisations to class constructors
a7eca7a 
Based on idea from Nicolas Iooss <nicolas.iooss@m4x.org>

Fixes:
$ sudo semanage
Traceback (most recent call last):
  File "/usr/sbin/semanage", line 28, in <module>
    import seobject
  File "/usr/lib/python3.7/site-packages/seobject.py", line 1045, in <module>
    class portRecords(semanageRecords):
  File "/usr/lib/python3.7/site-packages/seobject.py", line 1047, in portRecords
    valid_types = list(list(sepolicy.info(sepolicy.ATTRIBUTE, "port_type"))[0]["types"])
  File "/usr/lib/python3.7/site-packages/sepolicy/__init__.py", line 203, in <genexpr>
    return ({
  File "/usr/lib64/python3.7/site-packages/setools/typeattrquery.py", line 65, in results
    for attr in self.policy.typeattributes():
AttributeError: 'NoneType' object has no attribute 'typeattributes'

SELinuxProject#81

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
fishilico pushed a commit to fishilico/selinux that referenced this issue Jan 5, 2019
@bachradsusi @fishilico
python/semanage: import sepolicy only when it's needed
8b300a3 
Related:
SELinuxProject#81

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
fishilico pushed a commit to fishilico/selinux that referenced this issue Jan 5, 2019
@bachradsusi @fishilico
python/semanage: move valid_types initialisations to class constructors
a73b0bb 
Based on idea from Nicolas Iooss <nicolas.iooss@m4x.org>

Fixes:
$ sudo semanage
Traceback (most recent call last):
  File "/usr/sbin/semanage", line 28, in <module>
    import seobject
  File "/usr/lib/python3.7/site-packages/seobject.py", line 1045, in <module>
    class portRecords(semanageRecords):
  File "/usr/lib/python3.7/site-packages/seobject.py", line 1047, in portRecords
    valid_types = list(list(sepolicy.info(sepolicy.ATTRIBUTE, "port_type"))[0]["types"])
  File "/usr/lib/python3.7/site-packages/sepolicy/__init__.py", line 203, in <genexpr>
    return ({
  File "/usr/lib64/python3.7/site-packages/setools/typeattrquery.py", line 65, in results
    for attr in self.policy.typeattributes():
AttributeError: 'NoneType' object has no attribute 'typeattributes'

SELinuxProject#81

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
fishilico pushed a commit to fishilico/selinux that referenced this issue Jan 5, 2019
@bachradsusi @fishilico
python/semanage: import sepolicy only when it's needed
e718c2a 
Related:
SELinuxProject#81

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
bachradsusi added a commit to bachradsusi/selinux that referenced this issue Jan 7, 2019
@bachradsusi
python/semanage: move valid_types initialisations to class constructors
37f08bd 
Based on idea from Nicolas Iooss <nicolas.iooss@m4x.org>

Fixes:
$ sudo semanage
Traceback (most recent call last):
  File "/usr/sbin/semanage", line 28, in <module>
    import seobject
  File "/usr/lib/python3.7/site-packages/seobject.py", line 1045, in <module>
    class portRecords(semanageRecords):
  File "/usr/lib/python3.7/site-packages/seobject.py", line 1047, in portRecords
    valid_types = list(list(sepolicy.info(sepolicy.ATTRIBUTE, "port_type"))[0]["types"])
  File "/usr/lib/python3.7/site-packages/sepolicy/__init__.py", line 203, in <genexpr>
    return ({
  File "/usr/lib64/python3.7/site-packages/setools/typeattrquery.py", line 65, in results
    for attr in self.policy.typeattributes():
AttributeError: 'NoneType' object has no attribute 'typeattributes'

SELinuxProject/selinux#81

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
bachradsusi added a commit to bachradsusi/selinux that referenced this issue Jan 7, 2019
@bachradsusi
python/semanage: import sepolicy only when it's needed
e7c7297 
Related:
SELinuxProject/selinux#81

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
@bachradsusi
Copy link
Member

Fixed by a73b0bb e718c2a

@devZer0
Copy link

devZer0 commented Feb 10, 2019

on recent debian 9.7, i'm also getting this. some note about the missing package would be nice, i found this via strace...

charleseb pushed a commit to MotorolaMobilityLLC/external-selinux that referenced this issue Jan 21, 2020
@bachradsusi @fishilico
python/semanage: move valid_types initialisations to class constructors
296349b 
Based on idea from Nicolas Iooss <nicolas.iooss@m4x.org>

Fixes:
$ sudo semanage
Traceback (most recent call last):
  File "/usr/sbin/semanage", line 28, in <module>
    import seobject
  File "/usr/lib/python3.7/site-packages/seobject.py", line 1045, in <module>
    class portRecords(semanageRecords):
  File "/usr/lib/python3.7/site-packages/seobject.py", line 1047, in portRecords
    valid_types = list(list(sepolicy.info(sepolicy.ATTRIBUTE, "port_type"))[0]["types"])
  File "/usr/lib/python3.7/site-packages/sepolicy/__init__.py", line 203, in <genexpr>
    return ({
  File "/usr/lib64/python3.7/site-packages/setools/typeattrquery.py", line 65, in results
    for attr in self.policy.typeattributes():
AttributeError: 'NoneType' object has no attribute 'typeattributes'

SELinuxProject/selinux#81

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
charleseb pushed a commit to MotorolaMobilityLLC/external-selinux that referenced this issue Jan 21, 2020
@bachradsusi @fishilico
python/semanage: import sepolicy only when it's needed
b57c422 
Related:
SELinuxProject/selinux#81

Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
@gnoejuan gnoejuan mentioned this issue Apr 19, 2020
Closed
@renannprado
Copy link

@devZer0 would be nice if you say which is the missing package...

I have this problem in Ubuntu still.

Distributor ID:	Ubuntu
Description:	Ubuntu 18.04.4 LTS
Release:	18.04
Codename:	bionic

@JeanCarlosChavarriaHughes
Copy link

Facing the same issue when doing:

# semanage
Traceback (most recent call last):
  File "/usr/sbin/semanage", line 28, in <module>
    import seobject
  File "/usr/lib/python3/dist-packages/seobject.py", line 1039, in <module>
    class portRecords(semanageRecords):
  File "/usr/lib/python3/dist-packages/seobject.py", line 1041, in portRecords
    valid_types = list(list(sepolicy.info(sepolicy.ATTRIBUTE, "port_type"))[0]["types"])
  File "/usr/lib/python3/dist-packages/sepolicy/__init__.py", line 196, in <genexpr>
    return ({
  File "/usr/lib/python3/dist-packages/setools/typeattrquery.py", line 65, in results
    for attr in self.policy.typeattributes():
AttributeError: 'NoneType' object has no attribute 'typeattributes'

OR

# semanage permissive -a httpd_t
Traceback (most recent call last):
  File "/usr/sbin/semanage", line 28, in <module>
    import seobject
  File "/usr/lib/python3/dist-packages/seobject.py", line 1039, in <module>
    class portRecords(semanageRecords):
  File "/usr/lib/python3/dist-packages/seobject.py", line 1041, in portRecords
    valid_types = list(list(sepolicy.info(sepolicy.ATTRIBUTE, "port_type"))[0]["types"])
  File "/usr/lib/python3/dist-packages/sepolicy/__init__.py", line 196, in <genexpr>
    return ({
  File "/usr/lib/python3/dist-packages/setools/typeattrquery.py", line 65, in results
    for attr in self.policy.typeattributes():
AttributeError: 'NoneType' object has no attribute 'typeattributes'

Environment

Distributor ID:	Ubuntu
Description:	Ubuntu 18.04.5 LTS
Release:	18.04
Codename:	bionic

Python 3.6.9

pip 20.2.3

python3-setools is already the newest version (4.1.1-3)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@fishilico @schmittlauch @renannprado @devZer0 @stephensmalley @bachradsusi @JeanCarlosChavarriaHughes