Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-90863

"sepolicy generate" errors with 404

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done-Errata
    • Icon: Major Major
    • None
    • CentOS Stream 10
    • policycoreutils
    • None
    • None
    • None
    • rhel-security-selinux
    • ssg_security
    • None
    • None
    • None
    • None
    • None
    • None

      What were you trying to do that didn't work?

      I was trying to generate a custom SELinux policy for an application.

      What is the impact of this issue to you?

      I cannot create the custom policy.

      Please provide the package NVR for which the bug is seen:

      policycoreutils-devel-3.7-1.el10.x86_64

      How reproducible is this bug?:

      Easy

      Steps to reproduce

      1. Run `sepolicy generate --init /usr/bin/true`

      Expected results

      Policy is created.

      Actual results

      Displays this error message:

      ```

      Errors during downloading metadata for repository 'baseos':
        - Status code: 404 for https://mirrors.centos.org/metalink?repo=centos-baseos-$stream&arch=x86_64&protocol=https,http (IP: 152.19.134.142)
        - Status code: 404 for https://mirrors.centos.org/metalink?repo=centos-baseos-$stream&arch=x86_64&protocol=https,http (IP: 67.219.144.68)
        - Status code: 404 for https://mirrors.centos.org/metalink?repo=centos-baseos-$stream&arch=x86_64&protocol=https,http (IP: 140.211.169.196)
      Traceback (most recent call last):
        File "/usr/lib/python3.12/site-packages/dnf/repo.py", line 574, in load
          ret = self._repo.load()
                ^^^^^^^^^^^^^^^^^
        File "/usr/lib64/python3.12/site-packages/libdnf/repo.py", line 467, in load
          return _repo.Repo_load(self)
                 ^^^^^^^^^^^^^^^^^^^^^
      libdnf._error.Error: Failed to download metadata for repo 'baseos': Cannot prepare internal mirrorlist: Status code: 404 for https://mirrors.centos.org/metalink?repo=centos-baseos-$stream&arch=x86_64&protocol=https,http (IP: 67.219.144.68)

      During handling of the above exception, another exception occurred:

      Traceback (most recent call last):
        File "/usr/bin/sepolicy", line 702, in <module>
          args.func(args)
        File "/usr/bin/sepolicy", line 569, in generate
          mypolicy.gen_writeable()
        File "/usr/lib/python3.12/site-packages/sepolicy/generate.py", line 1304, in gen_writeable
          self.__extract_rpms()
        File "/usr/lib/python3.12/site-packages/sepolicy/generate.py", line 1271, in __extract_rpms
          base.fill_sack(load_system_repo=True)
        File "/usr/lib/python3.12/site-packages/dnf/base.py", line 413, in fill_sack
          self._add_repo_to_sack(r)
        File "/usr/lib/python3.12/site-packages/dnf/base.py", line 141, in _add_repo_to_sack
          repo.load()
        File "/usr/lib/python3.12/site-packages/dnf/repo.py", line 581, in load
          raise dnf.exceptions.RepoError(str(e))
      dnf.exceptions.RepoError: Failed to download metadata for repo 'baseos': Cannot prepare internal mirrorlist: Status code: 404 for https://mirrors.centos.org/metalink?repo=centos-baseos-$stream&arch=x86_64&protocol=https,http (IP: 67.219.144.68)

      ```

      It looks like the $stream variable is not getting substituted in the URL. Replacing it with 10-stream and using wget manually downloads the file.

              vmojzis@redhat.com Vit Mojzis
              jwgarber Jacob Garber (Inactive)
              Vit Mojzis Vit Mojzis
              SSG Security QE SSG Security QE
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

                Created:
                Updated:
                Resolved: