-
Bug
-
Resolution: Unresolved
-
Normal
-
rhel-10.0
-
None
-
setroubleshoot-3.3.35-1.el10
-
No
-
Important
-
1
-
rhel-sst-security-selinux
-
ssg_security
-
16
-
2
-
QE ack
-
False
-
-
None
-
SELINUX 241127 - 241218
-
-
Pass
-
Not Needed
-
Automated
-
None
https://gitlab.com/setroubleshoot/setroubleshoot/-/issues/11
In ostree based systems, the target root is moved to /etc/selinux as /var/lib/selinux/targeted is empty.
This is done by adding store-root=/etc/selinux to /etc/selinux/semanage.conf.
Currently, https://gitlab.com/setroubleshoot/setroubleshoot/-/blame/main/src/setroubleshoot/util.py?ref_type=heads#L565 is hardcoded vor /var/lib/selinux, causing stacktraces on ostree based systems.Oct 26 12:21:01 antheas-ally-x SetroubleshootPrivileged.py[2316]: The call org.fedoraproject.SetroubleshootPrivileged.get_rpm_nvr_by_scontext has failed with an exception:
Oct 26 12:21:01 antheas-ally-x SetroubleshootPrivileged.py[2316]: Traceback (most recent call last):
Oct 26 12:21:01 antheas-ally-x SetroubleshootPrivileged.py[2316]: File "/usr/lib/python3.13/site-packages/dasbus/server/handler.py", line 455, in _method_callback
Oct 26 12:21:01 antheas-ally-x SetroubleshootPrivileged.py[2316]: result = self._handle_call(
Oct 26 12:21:01 antheas-ally-x SetroubleshootPrivileged.py[2316]: interface_name,
Oct 26 12:21:01 antheas-ally-x SetroubleshootPrivileged.py[2316]: ...<2 lines>...
Oct 26 12:21:01 antheas-ally-x SetroubleshootPrivileged.py[2316]: **additional_args
Oct 26 12:21:01 antheas-ally-x SetroubleshootPrivileged.py[2316]: )
Oct 26 12:21:01 antheas-ally-x SetroubleshootPrivileged.py[2316]: File "/usr/lib/python3.13/site-packages/dasbus/server/handler.py", line 265, in _handle_call
Oct 26 12:21:01 antheas-ally-x SetroubleshootPrivileged.py[2316]: return handler(*parameters, **additional_args)
Oct 26 12:21:01 antheas-ally-x SetroubleshootPrivileged.py[2316]: File "/usr/share/setroubleshoot/SetroubleshootPrivileged.py", line 57, in get_rpm_nvr_by_scontext
Oct 26 12:21:01 antheas-ally-x SetroubleshootPrivileged.py[2316]: rpmnvr = setroubleshoot.util.get_rpm_nvr_by_scontext(scontext)
Oct 26 12:21:01 antheas-ally-x SetroubleshootPrivileged.py[2316]: File "/usr/lib/python3.13/site-packages/setroubleshoot/util.py", line 629, in get_rpm_nvr_by_scontext
Oct 26 12:21:01 antheas-ally-x SetroubleshootPrivileged.py[2316]: return get_rpm_nvr_by_type(str(selinux.context_type_get(context)))
Oct 26 12:21:01 antheas-ally-x SetroubleshootPrivileged.py[2316]: File "/usr/lib/python3.13/site-packages/setroubleshoot/util.py", line 514, in get_rpm_nvr_by_type
Oct 26 12:21:01 antheas-ally-x SetroubleshootPrivileged.py[2316]: build_module_type_cache()
Oct 26 12:21:01 antheas-ally-x SetroubleshootPrivileged.py[2316]: ~~~~~~~~~~~~~~~~~~~~~~~^^
Oct 26 12:21:01 antheas-ally-x SetroubleshootPrivileged.py[2316]: File "/usr/lib/python3.13/site-packages/setroubleshoot/util.py", line 565, in build_module_type_cache
Oct 26 12:21:01 antheas-ally-x SetroubleshootPrivileged.py[2316]: with os.scandir("/var/lib/selinux/{}/active/modules".format(policytype)) as module_store:
Oct 26 12:21:01 antheas-ally-x SetroubleshootPrivileged.py[2316]: ~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Oct 26 12:21:01 antheas-ally-x SetroubleshootPrivileged.py[2316]: FileNotFoundError: [Errno 2] No such file or directory: '/var/lib/selinux/targeted/active/modules'
Proposed fix https://gitlab.com/setroubleshoot/setroubleshoot/-/merge_requests/44
- links to
-
RHBA-2024:141552 setroubleshoot bug fix and enhancement update