Bug 223733 - audit2allow always displays an error message with the -M option
Summary: audit2allow always displays an error message with the -M option
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 6
Hardware: x86_64
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Ben Levenson
Reported: 2007-01-22 01:50 UTC by Eric Buist
Modified: 2007-11-30 22:11 UTC (History)

Fixed In Version: Current
Doc Type: Bug Fix
Last Closed: 2007-08-22 14:11:55 UTC


Attachments
A modified audit2allow Python script with correct string literals (deleted)
2007-01-27 16:49 UTC, Eric Buist

Description Eric Buist 2007-01-22 01:50:01 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686 (x86_64); fr; rv:1.8.1.1) Gecko/20061208 Firefox/2.0.0.1

Description of problem:
audit2allow -M local < inputfile always gives the same error message.

Traceback (most recent call last):
  File "/usr/bin/audit2allow", line 191, in ?
    print (_("Generating type enforcment file: %s.te") % module)
NameError: name '_' is not defined

The file inputfile contains:

Jan 21 19:25:49 salvator kernel: audit(1169425549.929:10): avc:  denied  { getattr } for  pid=2863 comm="mount.ntfs-3g" name="modprobe" dev=sda2 ino=4124870 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:insmod_exec_t:s0 tclass=file
Jan 21 19:25:49 salvator kernel: audit(1169425549.930:11): avc:  denied  { execute } for  pid=2864 comm="mount.ntfs-3g" name="bash" dev=sda2 ino=5237786 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
Jan 21 19:25:51 salvator kernel: audit(1169425551.009:12): avc:  denied  { read write } for  pid=2865 comm="fusermount" name="fuse" dev=tmpfs ino=1586 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=chr_file
Jan 21 19:25:51 salvator kernel: audit(1169425551.014:13): avc:  denied  { getattr } for  pid=2866 comm="mount.ntfs-3g" name="modprobe" dev=sda2 ino=4124870 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:insmod_exec_t:s0 tclass=file
Jan 21 19:25:51 salvator kernel: audit(1169425551.015:14): avc:  denied  { execute } for  pid=2867 comm="mount.ntfs-3g" name="bash" dev=sda2 ino=5237786 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:shell_exec_t:s0 tclass=file
Jan 21 19:25:52 salvator kernel: audit(1169425552.085:15): avc:  denied  { read write } for  pid=2868 comm="fusermount" name="fuse" dev=tmpfs ino=1586 scontext=system_u:system_r:mount_t:s0 tcontext=system_u:object_r:fixed_disk_device_t:s0 tclass=chr_file

which is extracted from /var/log/messages

Version-Release number of selected component (if applicable):


How reproducible:
Always


Steps to Reproduce:
1. run audit2allow


Actual Results:
an error message

Expected Results:
audit2allow should create a loadable policy module local.pp that could potentially fix the issue with ntfs-3g.

Additional info:
That's a big problem, because many Web sites suggest audit2allow as the way to create SELinux policy packages, but now, audit2allow does not work on FC6, at least for me.

Comment 1 Daniel Walsh 2007-01-22 15:25:44 UTC
Fixed in policycoreutils-1.33.15-1.fc6

Comment 2 Eric Buist 2007-01-27 16:28:42 UTC
The problem remains with this version of policycoreutils.

Comment 3 Eric Buist 2007-01-27 16:49:17 UTC
Created attachment 146746
A modified audit2allow Python script with correct string literals

Comment 4 Daniel Walsh 2007-01-29 18:47:50 UTC
I am not seeing this error?

_() should be defined via

import gettext
gettext.install('policycoreutils')

What do you get if you execute


#python
import gettext
gettext.install('policycoreutils')
print _("test")



Comment 5 Eric Buist 2007-01-30 01:15:05 UTC
When I execute gettext.install('policycoreutils'), I get this message:
Traceback (most recent call last):
  File "<stdin>", line 1, in ?
  File "/usr/lib64/python2.4/gettext.py", line 480, in install
    t = translation(domain, localedir, fallback=True, codeset=codeset)
  File "/usr/lib64/python2.4/gettext.py", line 465, in translation
    t = _translations.setdefault(key, class_(open(mofile, 'rb')))
  File "/usr/lib64/python2.4/gettext.py", line 177, in __init__
    self._parse(fp)
  File "/usr/lib64/python2.4/gettext.py", line 301, in _parse
    plural = v[1].split('plural=')[1]
IndexError: list index out of range

My locale is fr_CA.UTF-8. If I switch to en_US.UTF-8 (for example by using
LC_ALL=en_US.UTF-8 python on the Bash prompt), everything works, including audit2allow.
The problem then seems to be related to Gettext, which crashes on non-US locales.
Maybe something must be done in the program to catch up in case no translation
exists for the current locale?

Comment 6 Daniel Walsh 2007-02-01 21:14:55 UTC
Try changing this in audit2allow
  
        try:
            gettext.install('policycoreutils')
        except IOError:
            import __builtin__
            __builtin__.__dict__['_'] = unicode
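
The failure in Comment 5 and the handler in Comment 6, reproduced as an added example (not code from this thread or from policycoreutils): it writes a constructed .mo catalogue whose Plural-Forms header lacks a plural= expression and shows that fallback=True only covers a missing catalogue, while the parser's IndexError passes straight through an OSError-only (IOError) handler. It uses Python 3, whose gettext parser still contains the line shown in the 2.4 traceback; the domain "demo", the helper names and the header text are assumptions.

```python
import gettext
import os
import struct
import tempfile

def build_mo(header):
    """Build a minimal little-endian .mo file holding only the metadata entry."""
    meta = header.encode("utf-8")
    ids_off = 28 + 8 + 8  # 28-byte header plus two one-entry offset tables
    return (struct.pack("<7I", 0x950412DE, 0, 1, 28, 36, 0, 0)
            + struct.pack("<II", 0, ids_off)              # msgid "" (metadata key)
            + struct.pack("<II", len(meta), ids_off + 1)  # msgstr = header text
            + b"\0" + meta + b"\0")

def write_catalogue(root, lang, domain, header):
    path = os.path.join(root, lang, "LC_MESSAGES")
    os.makedirs(path)
    with open(os.path.join(path, domain + ".mo"), "wb") as fh:
        fh.write(build_mo(header))

def load_translator(domain, localedir, languages, catch):
    """Return (translate_function, name_of_caught_error_or_None)."""
    try:
        t = gettext.translation(domain, localedir=localedir,
                                languages=languages, fallback=True)
        return t.gettext, None
    except catch as exc:
        # Identity function: messages stay untranslated but the tool keeps running.
        return (lambda message: message), type(exc).__name__

def demo():
    # Constructed header: Plural-Forms carries no "plural=" expression.
    bad = "Content-Type: text/plain; charset=UTF-8\nPlural-Forms: nplurals=2; n>1\n"
    results = {}
    with tempfile.TemporaryDirectory() as root:
        write_catalogue(root, "fr_CA", "demo", bad)
        # A missing catalogue is absorbed by fallback=True: nothing is raised.
        _, results["missing"] = load_translator("demo", root, ["en_US"], OSError)
        # A malformed catalogue is parsed, and the parser's error escapes OSError.
        try:
            load_translator("demo", root, ["fr_CA"], OSError)
        except Exception as exc:
            results["narrow"] = type(exc).__name__
        tr, results["broad"] = load_translator(
            "demo", root, ["fr_CA"], (OSError, IndexError, ValueError))
        results["text"] = tr("Generating type enforcement file")
    return results

if __name__ == "__main__":
    print(demo())
```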

Comment 7 Daniel Walsh 2007-02-01 21:20:07 UTC
Fixed in policycoreutils-1.34.1-4.fc6

Comment 8 Daniel Walsh 2007-08-22 14:11:55 UTC
Fixed in current release

