RHEL-3712

create_runtime_policy.sh fails to find convert_runtime_policy.py

    • Bug
    • Resolution: Done
    • Critical
    • rhel-9.4
    • rhel-9.3.0
    • keylime
    • Critical
    • ZStream
    • rhel-sst-security-special-projects
    • ssg_security
    • Dev ack
    • False
    • Yes
    • Approved Blocker
    • Release Note Not Required
      .Keylime script `create_runtime_policy.sh` produces an error message

      The new Keylime script `create_runtime_policy.sh`, which generates a runtime policy from the allowlist and excludelist, correctly generates the allowlist but fails when trying to run the `convert_runtime_policy.py` script to generate the runtime policy by combining the allowlist and excludelist. As a consequence, it ends with an error message: `python3: can't open file '/usr/share/keylime/scripts/../keylime/cmd/convert_runtime_policy.py': [Errno 2] No such file or directory`.

      You can still use the script to generate the allowlist without any additional steps.
    • In Progress

      What were you trying to do that didn't work?

      The former script has been replaced with create_runtime_policy.sh. The new script (from keylime-base) generates the allowlist but at the end it tries to run convert_runtime_policy.py (from python3-keylime) but won't find it and therefore the script ends with an error:

      # /usr/share/keylime/scripts/create_runtime_policy.sh -o /root/policy -h sha256sum
      Writing allowlist to /root/policy with sha256sum...
      Creating allowlist for init ram disk
      extracting /boot//initramfs-0-rescue-acbfbfe64e33449aba1cf75cb91b6c0a.img
      extracting /boot//initramfs-5.14.0-362.2.1.el9_3.x86_64.img
      Converting created allowlist to Keylime runtime policy
      python3: can't open file '/usr/share/keylime/scripts/../keylime/cmd/convert_runtime_policy.py': [Errno 2] No such file or directory

      The script should check if the conversion script is available and if not then fail with some reasonable error message providing a hint to a user.

      Please provide the package NVR for which bug is seen:

      keylime-7.3.0-9.el9_3

      How reproducible:

      always
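
The check the report asks for could look like the following. This is an added example, not code from Keylime or from the issue: the function names `locate_converter` and `preflight`, the `PYTHON` variable and the message wording are assumptions, while the relative converter path and the package name come from the report above.

```shell
#!/bin/sh
# Added example: preflight check for the converter that create_runtime_policy.sh
# runs as its last step. Function names, PYTHON and messages are hypothetical.

# Relative location taken from the error message in the report.
CONVERTER_REL="../keylime/cmd/convert_runtime_policy.py"
# Interpreter used for the conversion step (overridable; assumption).
PYTHON=${PYTHON:-python3}

# locate_converter SCRIPT_DIR
# Prints the converter path and returns 0 when it is a readable regular file.
# Otherwise prints an error plus a hint on stderr and returns 1.
locate_converter() {
    candidate="$1/${CONVERTER_REL}"
    if [ -f "$candidate" ] && [ -r "$candidate" ]; then
        printf '%s\n' "$candidate"
        return 0
    fi
    {
        printf 'error: conversion script not found: %s\n' "$candidate"
        printf 'hint: convert_runtime_policy.py is shipped in python3-keylime;\n'
        printf '      install that package to produce a runtime policy.\n'
    } >&2
    return 1
}

# preflight SCRIPT_DIR
# Meant to run before any allowlist work, so a missing converter or interpreter
# is reported up front instead of after the initramfs images were processed.
preflight() {
    converter=$(locate_converter "$1") || return 1
    if ! command -v "$PYTHON" >/dev/null 2>&1; then
        printf 'error: interpreter %s not found in PATH\n' "$PYTHON" >&2
        return 1
    fi
    printf '%s\n' "$converter"
}
```

A script would call `preflight "$(dirname "$0")"` first and exit with a non-zero status if it fails.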

              scorreia@redhat.com Sergio Correia
              ksrot@redhat.com Karel Srot
              Jan Fiala Jan Fiala