Re: Fwd: setools-console-analyses package

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Aristeidis Dimitriadis <ar.s.dimitriadis@xxxxxxxxx> writes:
> Hello,
>
> I believe there is an error in the packaging of setools-console-analyses
> which results in one of the tools being unusable. I am close to
> submitting a bug report but I would like someone to have a look first in
> case I am doing something wrong. Using up-to-date Fedora 30.
>
> The tool of interest in sedta which performs "Domain transition analysis
> for SELinux policies" (from the manpage). Running this tool results in this:
>
> $ sedta -s <some domain> -p <some policy file>
>
> 'DiGraph' object has no attribute 'edges_iter'
>
> This is a Python error and seems related to the networkx Python library
> which is listed as a requirement. No version requirements for this
> library are displayed by rpm. Installed version (by dnf) is 2.3.
> However, there is this guide :
>
> https://networkx.github.io/documentation/stable/release/migration_guide_from_1.x_to_2.0.html
>
> where it is clearly stated that the "edges_iter" API is removed in
> version 2.0. The upstream SELinux tools project which I believe is here :
>
> https://github.com/SELinuxProject/setools
>
> does not use the "edges_iter" API (I grep-ed for it). My guess is that
> networkx was updated but setools-console-analyses was not and now is
> trying to use an incompatible library version.
>
> No similar issues appear on bugzilla. Should I create one?

There are 2 versions of setools available in Fedora 30:

- setools-4.1.1-14.fc30 from standard Fedora repo - the affected version

- setools-4.2.0-1.module_f30+3425+bbab1a14 from Fedora modular

We need to ship the 4.1 version as it's the last version which supports
Python 2, python2-setools is required by python2-policycoreutils which
is required by other packages outside of SELinux space.

Therefore setools-4.2 is packaged in a module:

# dnf module enable setools

# dnf update setools-console-analyses
...
Upgraded:
  python3-setools-4.2.0-1.module_f30+3425+bbab1a14.x86_64  setools-console-analyses-4.2.0-1.module_f30+3425+bbab1a14.x86_64                                                                  
Complete!

# sedta -s sshd_t -p /etc/selinux/targeted/policy/policy.31
Transition 1: sshd_t -> nx_server_t

Domain transition rule(s):
allow sshd_t nx_server_t:process transition;
...

4.2.2 version should be also available, but I haven't found it. It was
built by Vit who's currently on holidays. Given that I'm hardly a
modularity expert, we would need to wait for him.



> Also, is there a way to report a bug without creating a bugzilla/fedora
> account?  answered in "users" lists

You need an account. Or you can send an email like you did - you can use
this mailing list of setools-owner@xxxxxxxxxxxxxxxxx aliases as a recipient.


Thanks!


Petr
_______________________________________________
selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx




[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Big List of Linux Books]     [Yosemite News]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux