Re: sepolgen requires unofficial setools patch


 




On 05/21/2012 04:58 PM, Sven Vermeulen wrote:
> Hi guys,
> 
> It looks like the current stable sepolgen release has requirements towards 
> an unofficial (well, fedora/rhel only) patch on setools. With the current 
> stable setools, it gives the following error when trying to use
> audit2allow on a denial that contains write & open:
> 
> Traceback (most recent call last):
>   File "/usr/bin/audit2allow-2.7", line 354, in <module>
>     app.main()
>   File "/usr/bin/audit2allow-2.7", line 345, in main
>     self.__output()
>   File "/usr/bin/audit2allow-2.7", line 315, in __output
>     g.add_access(self.__avs)
>   File "/usr/lib64/python2.7/site-packages/sepolgen/policygen.py", line 211, in add_access
>     self.__add_allow_rules(raw_allow)
>   File "/usr/lib64/python2.7/site-packages/sepolgen/policygen.py", line 179, in __add_allow_rules
>     self.domains = seinfo(ATTRIBUTE, name="domain")[0]["types"]
> NameError: global name 'seinfo' is not defined
> 
> The patch that RedHat (and Fedora) provides fixes this in Python 2
> systems, but doesn't work in Python 3 (because Python 3 has a different
> setup for Extension-based modules). I have a locally-tested patch on that,
> but I'm not sure this is a good way to go forward.
> 
> Perhaps it would be wise to remove the dependency towards the setools 
> binding and instead include the necessary code in the userspace libraries 
> themselves? policygen.py doesn't require the entire set of querying that 
> seinfo provides...
> 
> The patch that is suggested by RedHat/Fedora doesn't follow the same 
> structure as the other bindings do (like libqpol/libapol) in setools too.
> 
> Wkr, Sven Vermeulen
> 
> -- This message was distributed to subscribers of the selinux mailing
> list. If you no longer wish to subscribe, send mail to
> majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes
> as the message.


Well, I am not sure if anyone has ever used the setools python binaries other
than the setools/sesearch and seinfo bindings.

I would suggest we drop the general python bindings or deemphasize them and
work on improving the seinfo/sesearch bindings.

I have generated quite a few tools based on these bindings, that I am trying
to figure out where and how to package.

setrans, senetwork, secommunicate, segenuserman, segendomainman

Currently these are just little python scripts, but I think they are pretty
powerful, and if we figured out a good CLI for them, they would be a nice
update of setools.


