Aristeidis Dimitriadis <ar.s.dimitriadis@xxxxxxxxx> writes: > Hello, > > I believe there is an error in the packaging of setools-console-analyses > which results in one of the tools being unusable. I am close to > submitting a bug report but I would like someone to have a look first in > case I am doing something wrong. Using up-to-date Fedora 30. > > The tool of interest in sedta which performs "Domain transition analysis > for SELinux policies" (from the manpage). Running this tool results in this: > > $ sedta -s <some domain> -p <some policy file> > > 'DiGraph' object has no attribute 'edges_iter' > > This is a Python error and seems related to the networkx Python library > which is listed as a requirement. No version requirements for this > library are displayed by rpm. Installed version (by dnf) is 2.3. > However, there is this guide : > > https://networkx.github.io/documentation/stable/release/migration_guide_from_1.x_to_2.0.html > > where it is clearly stated that the "edges_iter" API is removed in > version 2.0. The upstream SELinux tools project which I believe is here : > > https://github.com/SELinuxProject/setools > > does not use the "edges_iter" API (I grep-ed for it). My guess is that > networkx was updated but setools-console-analyses was not and now is > trying to use an incompatible library version. > > No similar issues appear on bugzilla. Should I create one? There are 2 versions of setools available in Fedora 30: - setools-4.1.1-14.fc30 from standard Fedora repo - the affected version - setools-4.2.0-1.module_f30+3425+bbab1a14 from Fedora modular We need to ship the 4.1 version as it's the last version which supports Python 2, python2-setools is required by python2-policycoreutils which is required by other packages outside of SELinux space. Therefore setools-4.2 is packaged in a module: # dnf module enable setools # dnf update setools-console-analyses ... Upgraded: python3-setools-4.2.0-1.module_f30+3425+bbab1a14.x86_64 setools-console-analyses-4.2.0-1.module_f30+3425+bbab1a14.x86_64 Complete! # sedta -s sshd_t -p /etc/selinux/targeted/policy/policy.31 Transition 1: sshd_t -> nx_server_t Domain transition rule(s): allow sshd_t nx_server_t:process transition; ... 4.2.2 version should be also available, but I haven't found it. It was built by Vit who's currently on holidays. Given that I'm hardly a modularity expert, we would need to wait for him. > Also, is there a way to report a bug without creating a bugzilla/fedora > account? answered in "users" lists You need an account. Or you can send an email like you did - you can use this mailing list of setools-owner@xxxxxxxxxxxxxxxxx aliases as a recipient. Thanks! Petr _______________________________________________ selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx
