Petr Lautrbach <plautrba@xxxxxxxxxx> writes: > Aristeidis Dimitriadis <ar.s.dimitriadis@xxxxxxxxx> writes: >> Hello, >> >> I believe there is an error in the packaging of setools-console-analyses >> which results in one of the tools being unusable. I am close to >> submitting a bug report but I would like someone to have a look first in >> case I am doing something wrong. Using up-to-date Fedora 30. >> >> The tool of interest in sedta which performs "Domain transition analysis >> for SELinux policies" (from the manpage). Running this tool results in this: >> >> $ sedta -s <some domain> -p <some policy file> >> >> 'DiGraph' object has no attribute 'edges_iter' >> >> This is a Python error and seems related to the networkx Python library >> which is listed as a requirement. No version requirements for this >> library are displayed by rpm. Installed version (by dnf) is 2.3. >> However, there is this guide : >> >> https://networkx.github.io/documentation/stable/release/migration_guide_from_1.x_to_2.0.html >> >> where it is clearly stated that the "edges_iter" API is removed in >> version 2.0. The upstream SELinux tools project which I believe is here : >> >> https://github.com/SELinuxProject/setools >> >> does not use the "edges_iter" API (I grep-ed for it). My guess is that >> networkx was updated but setools-console-analyses was not and now is >> trying to use an incompatible library version. >> >> No similar issues appear on bugzilla. Should I create one? > > There are 2 versions of setools available in Fedora 30: > > - setools-4.1.1-14.fc30 from standard Fedora repo - the affected version > > - setools-4.2.0-1.module_f30+3425+bbab1a14 from Fedora modular > > We need to ship the 4.1 version as it's the last version which supports > Python 2, python2-setools is required by python2-policycoreutils which > is required by other packages outside of SELinux space. > > Therefore setools-4.2 is packaged in a module: > > # dnf module enable setools > > # dnf update setools-console-analyses > ... > Upgraded: > python3-setools-4.2.0-1.module_f30+3425+bbab1a14.x86_64 setools-console-analyses-4.2.0-1.module_f30+3425+bbab1a14.x86_64 > Complete! > > # sedta -s sshd_t -p /etc/selinux/targeted/policy/policy.31 > Transition 1: sshd_t -> nx_server_t > > Domain transition rule(s): > allow sshd_t nx_server_t:process transition; > ... > > 4.2.2 version should be also available, but I haven't found it. It was > built by Vit who's currently on holidays. Given that I'm hardly a > modularity expert, we would need to wait for him. > I've found it: https://bodhi.fedoraproject.org/updates/FEDORA-MODULAR-2019-3003745bbe # dnf module reset setools # dnf module enable --enablerepo=updates-testing-modular setools:4.2 # dnf update --enablerepo=updates-testing-modular setools-console-analyses ... Upgraded: python3-setools-4.2.2-1.module_f30+4995+aaa0ceb3.x86_64 setools-console-analyses-4.2.2-1.module_f30+4995+aaa0ceb3.x86_64 # sedta -s sshd_t -p /etc/selinux/targeted/policy/policy.31 Transition 1: sshd_t -> nx_server_t Domain transition rule(s): allow sshd_t nx_server_t:process transition; ... > > >> Also, is there a way to report a bug without creating a bugzilla/fedora >> account? answered in "users" lists > > You need an account. Or you can send an email like you did - you can use > this mailing list of setools-owner@xxxxxxxxxxxxxxxxx aliases as a recipient. > > > Thanks! > > > Petr > _______________________________________________ > selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx > To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx > Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx _______________________________________________ selinux mailing list -- selinux@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to selinux-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/selinux@xxxxxxxxxxxxxxxxxxxxxxx
