New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[semanage] [python-sepol] semanage crashes on systems without policy #81
Comments
Reproduced upstream, e.g. just mv /etc/selinux /etc/selinux.old and try running semanage as above. |
This behavior is mainly due to having |
…tructors This is to allow running "semanage" without triggering a stack trace like in https://github.com/SELinuxProject/selinux SELinuxProject/issues/81. TODO: gui/ uses seobject.portRecords several times. The result could be cached, in a class attribute TODO: IB data does not use sepolicy but reloads the policy !?! Not-yet-Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
…tructors This is to allow running "semanage" without triggering a stack trace like in https://github.com/SELinuxProject/selinux SELinuxProject/issues/81. TODO: gui/ uses seobject.portRecords several times. The result could be cached, in a class attribute TODO: IB data does not use sepolicy but reloads the policy !?! Not-yet-Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
…tructors This is to allow running "semanage" without triggering a stack trace like in https://github.com/SELinuxProject/selinux SELinuxProject/issues/81. TODO: gui/ uses seobject.portRecords several times. The result could be cached, in a class attribute TODO: IB data does not use sepolicy but reloads the policy !?! Not-yet-Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
…tructors This is to allow running "semanage" without triggering a stack trace like in https://github.com/SELinuxProject/selinux SELinuxProject/issues/81. TODO: gui/ uses seobject.portRecords several times. The result could be cached, in a class attribute TODO: IB data does not use sepolicy but reloads the policy !?! Not-yet-Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
…tructors This is to allow running "semanage" without triggering a stack trace like in https://github.com/SELinuxProject/selinux SELinuxProject/issues/81. TODO: gui/ uses seobject.portRecords several times. The result could be cached, in a class attribute TODO: IB data does not use sepolicy but reloads the policy !?! Not-yet-Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
…tructors This is to allow running "semanage" without triggering a stack trace like in https://github.com/SELinuxProject/selinux SELinuxProject/issues/81. TODO: gui/ uses seobject.portRecords several times. The result could be cached, in a class attribute TODO: IB data does not use sepolicy but reloads the policy !?! Not-yet-Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
…tructors This is to allow running "semanage" without triggering a stack trace like in https://github.com/SELinuxProject/selinux SELinuxProject/issues/81. TODO: gui/ uses seobject.portRecords several times. The result could be cached, in a class attribute TODO: IB data does not use sepolicy but reloads the policy !?! Not-yet-Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
…tructors This is to allow running "semanage" without triggering a stack trace like in https://github.com/SELinuxProject/selinux SELinuxProject/issues/81. TODO: gui/ uses seobject.portRecords several times. The result could be cached, in a class attribute TODO: IB data does not use sepolicy but reloads the policy !?! Not-yet-Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
Related: SELinuxProject/selinux#81 Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
Based on idea from Nicolas Iooss <nicolas.iooss@m4x.org> Fixes: $ sudo semanage Traceback (most recent call last): File "/usr/sbin/semanage", line 28, in <module> import seobject File "/usr/lib/python3.7/site-packages/seobject.py", line 1045, in <module> class portRecords(semanageRecords): File "/usr/lib/python3.7/site-packages/seobject.py", line 1047, in portRecords valid_types = list(list(sepolicy.info(sepolicy.ATTRIBUTE, "port_type"))[0]["types"]) File "/usr/lib/python3.7/site-packages/sepolicy/__init__.py", line 203, in <genexpr> return ({ File "/usr/lib64/python3.7/site-packages/setools/typeattrquery.py", line 65, in results for attr in self.policy.typeattributes(): AttributeError: 'NoneType' object has no attribute 'typeattributes' SELinuxProject#81 Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
Related: SELinuxProject#81 Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
Based on idea from Nicolas Iooss <nicolas.iooss@m4x.org> Fixes: $ sudo semanage Traceback (most recent call last): File "/usr/sbin/semanage", line 28, in <module> import seobject File "/usr/lib/python3.7/site-packages/seobject.py", line 1045, in <module> class portRecords(semanageRecords): File "/usr/lib/python3.7/site-packages/seobject.py", line 1047, in portRecords valid_types = list(list(sepolicy.info(sepolicy.ATTRIBUTE, "port_type"))[0]["types"]) File "/usr/lib/python3.7/site-packages/sepolicy/__init__.py", line 203, in <genexpr> return ({ File "/usr/lib64/python3.7/site-packages/setools/typeattrquery.py", line 65, in results for attr in self.policy.typeattributes(): AttributeError: 'NoneType' object has no attribute 'typeattributes' SELinuxProject#81 Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
Related: SELinuxProject#81 Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
Based on idea from Nicolas Iooss <nicolas.iooss@m4x.org> Fixes: $ sudo semanage Traceback (most recent call last): File "/usr/sbin/semanage", line 28, in <module> import seobject File "/usr/lib/python3.7/site-packages/seobject.py", line 1045, in <module> class portRecords(semanageRecords): File "/usr/lib/python3.7/site-packages/seobject.py", line 1047, in portRecords valid_types = list(list(sepolicy.info(sepolicy.ATTRIBUTE, "port_type"))[0]["types"]) File "/usr/lib/python3.7/site-packages/sepolicy/__init__.py", line 203, in <genexpr> return ({ File "/usr/lib64/python3.7/site-packages/setools/typeattrquery.py", line 65, in results for attr in self.policy.typeattributes(): AttributeError: 'NoneType' object has no attribute 'typeattributes' SELinuxProject/selinux#81 Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
Related: SELinuxProject/selinux#81 Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
I should probably drop the reference to this issue from my working commits in order to prevent another automatic closing. Sorry for the noise. |
Based on idea from Nicolas Iooss <nicolas.iooss@m4x.org> Fixes: $ sudo semanage Traceback (most recent call last): File "/usr/sbin/semanage", line 28, in <module> import seobject File "/usr/lib/python3.7/site-packages/seobject.py", line 1045, in <module> class portRecords(semanageRecords): File "/usr/lib/python3.7/site-packages/seobject.py", line 1047, in portRecords valid_types = list(list(sepolicy.info(sepolicy.ATTRIBUTE, "port_type"))[0]["types"]) File "/usr/lib/python3.7/site-packages/sepolicy/__init__.py", line 203, in <genexpr> return ({ File "/usr/lib64/python3.7/site-packages/setools/typeattrquery.py", line 65, in results for attr in self.policy.typeattributes(): AttributeError: 'NoneType' object has no attribute 'typeattributes' SELinuxProject#81 Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
Related: SELinuxProject#81 Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
Based on idea from Nicolas Iooss <nicolas.iooss@m4x.org> Fixes: $ sudo semanage Traceback (most recent call last): File "/usr/sbin/semanage", line 28, in <module> import seobject File "/usr/lib/python3.7/site-packages/seobject.py", line 1045, in <module> class portRecords(semanageRecords): File "/usr/lib/python3.7/site-packages/seobject.py", line 1047, in portRecords valid_types = list(list(sepolicy.info(sepolicy.ATTRIBUTE, "port_type"))[0]["types"]) File "/usr/lib/python3.7/site-packages/sepolicy/__init__.py", line 203, in <genexpr> return ({ File "/usr/lib64/python3.7/site-packages/setools/typeattrquery.py", line 65, in results for attr in self.policy.typeattributes(): AttributeError: 'NoneType' object has no attribute 'typeattributes' SELinuxProject#81 Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
Related: SELinuxProject#81 Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
Based on idea from Nicolas Iooss <nicolas.iooss@m4x.org> Fixes: $ sudo semanage Traceback (most recent call last): File "/usr/sbin/semanage", line 28, in <module> import seobject File "/usr/lib/python3.7/site-packages/seobject.py", line 1045, in <module> class portRecords(semanageRecords): File "/usr/lib/python3.7/site-packages/seobject.py", line 1047, in portRecords valid_types = list(list(sepolicy.info(sepolicy.ATTRIBUTE, "port_type"))[0]["types"]) File "/usr/lib/python3.7/site-packages/sepolicy/__init__.py", line 203, in <genexpr> return ({ File "/usr/lib64/python3.7/site-packages/setools/typeattrquery.py", line 65, in results for attr in self.policy.typeattributes(): AttributeError: 'NoneType' object has no attribute 'typeattributes' SELinuxProject/selinux#81 Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
Related: SELinuxProject/selinux#81 Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
on recent debian 9.7, i'm also getting this. some note about the missing package would be nice, i found this via strace... |
Based on idea from Nicolas Iooss <nicolas.iooss@m4x.org> Fixes: $ sudo semanage Traceback (most recent call last): File "/usr/sbin/semanage", line 28, in <module> import seobject File "/usr/lib/python3.7/site-packages/seobject.py", line 1045, in <module> class portRecords(semanageRecords): File "/usr/lib/python3.7/site-packages/seobject.py", line 1047, in portRecords valid_types = list(list(sepolicy.info(sepolicy.ATTRIBUTE, "port_type"))[0]["types"]) File "/usr/lib/python3.7/site-packages/sepolicy/__init__.py", line 203, in <genexpr> return ({ File "/usr/lib64/python3.7/site-packages/setools/typeattrquery.py", line 65, in results for attr in self.policy.typeattributes(): AttributeError: 'NoneType' object has no attribute 'typeattributes' SELinuxProject/selinux#81 Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
Related: SELinuxProject/selinux#81 Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
@devZer0 would be nice if you say which is the missing package... I have this problem in Ubuntu still.
|
Facing the same issue when doing:
OR
Environment
|
The semanage tool crashes on systems without installed policies:
This is caused by sepol (the python module) setting the global _pol variable to
None
– something setools.TypeAttributeQuery can't deal with.platform details:
python3-modules used with python-3.4.3
distribution: mer
libselinux/ libsepol/ libsemanage/ policycoreutils: v2.7
python3-setools: 4.1.1
disclaimer: policycoreutils and setools are customly packaged, this is a possible (but unlikely) error source
The text was updated successfully, but these errors were encountered: