View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0000063 | AlmaLinux-8 | selinux-policy | public | 2021-04-15 12:06 | 2021-09-13 12:41 |
Reporter | luboslives | Assigned To | alukoshko | ||
Priority | normal | Severity | block | Reproducibility | have not tried |
Status | closed | Resolution | fixed | ||
OS | AlmaLinux from CentOS 8 | OS Version | 8.3 Stable | ||
Summary | 0000063: Unable to allow custom SSH port through SELinux policy | ||||
Description | I'm not very familiar with SELinux at all, so I can't give much more detail, but I know that when I want to use a custom port for SSH I first have to create an SELinux policy which permits this. This has resulted in an error which seems tied to the OS, check the Steps below. | ||||
Steps To Reproduce | Attempt to allow a custom port for SSH, for example port 1234: semanage port -a -t ssh_port_t -p tcp 1234 Results in the following error (emphasis on the last line): Traceback (most recent call last): File "/usr/sbin/semanage", line 975, in <module> do_parser() File "/usr/sbin/semanage", line 952, in do_parser commandParser = createCommandParser() File "/usr/sbin/semanage", line 882, in createCommandParser import seobject File "/usr/lib/python3.6/site-packages/seobject.py", line 33, in <module> import sepolicy File "/usr/lib/python3.6/site-packages/sepolicy/__init__.py", line 7, in <module> import setools File "/usr/lib64/python3.6/site-packages/setools/__init__.py", line 24, in <module> __version__ = pkg_resources.get_distribution("setools").version AttributeError: module 'pkg_resources' has no attribute 'get_distribution' Additionally, when I went to check on SELinux inside Cockpit, I see: "Error running semanage to discover system modifications" | ||||
Additional Information | For background, I set up a fresh install of CentOS 8 on a VPS a couple of days ago and then ran the "almalinux-deploy" migration script. So far so good! This is the only issue I've run into. | ||||
Tags | No tags attached. | ||||
abrt_hash | |||||
URL | |||||
|
Hello and thank you for report. Looks like policycoreutils should be patched to detect AlmaLinux correctly. We'll prepare an update for it asap. |
|
So you have this issue after migration right? I wasn't able to reproduce the issue on fresh AlmaLinux install. |
|
Yes after migrating from CentOS 8. Is there a chance the issue could be with Python and its modules/packages? I updated what I could with pip - whatever didn't fail to build - just a handful of packages. But yesterday I had to downgrade 3 of them to get a CLI utility (b2) to work. Here's what I have installed according to pip: arrow 0.17.0 b2 2.3.0 b2sdk 1.6.0 certifi 2020.12.5 chardet 4.0.0 configobj 5.0.6 dbus-python 1.2.4 decorator 5.0.7 docutils 0.16 ethtool 0.14 funcsigs 1.0.2 gpg 1.13.1 idna 2.10 imageio 2.9.0 importlib-metadata 3.10.1 iniparse 0.5 iotop 0.6 isc 2.0 logfury 0.1.2 NeuroTools 0.3.1 nftables 0.1 numpy 1.19.5 perf 0.1 phx-class-registry 3.0.5 Pillow 8.2.0 pip 21.0.1 ply 3.11 pycairo 1.16.3 pydbus 0.6.0 pygobject 3.28.3 pyinotify 0.9.6 PySocks 1.7.1 python-dateutil 2.8.1 python-dmidecode 3.12.2 python-linux-procfs 0.6.2 pyudev 0.22.0 PyYAML 3.12 requests 2.25.1 rpm 4.14.3 rst2ansi 0.1.5 schedutils 0.6 selinux 2.9 sepolicy 1.1 setools 4.3.0 setroubleshoot 1.1 setuptools 56.0.0 six 1.15.0 slip 0.6.4 slip.dbus 0.6.4 sos 3.9 SSSDConfig 2.3.0 subscription-manager 1.27.18 syspurpose 1.27.18 systemd-python 234 tqdm 4.60.0 typing-extensions 3.7.4.3 urllib3 1.26.4 zipp 3.4.1 And here's what I have installed according to dnf: platform-python.x86_64 3.6.8-31.el8.alma @baseos platform-python-pip.noarch 9.0.3-18.el8 @baseos platform-python-setuptools.noarch 39.2.0-6.el8 @baseos policycoreutils-python-utils.noarch 2.9-9.el8 @baseos python-srpm-macros.noarch 3-39.el8 @appstream python3-audit.x86_64 3.0-0.17.20191104git1c2f876.el8 @baseos python3-bind.noarch 32:9.11.20-5.el8_3.1 @baseos python3-cairo.x86_64 1.16.3-6.el8 @baseos python3-chardet.noarch 3.0.4-7.el8 @baseos python3-configobj.noarch 5.0.6-11.el8 @baseos python3-dateutil.noarch 1:2.6.1-6.el8 @baseos python3-dbus.x86_64 1.2.4-15.el8 @baseos python3-decorator.noarch 4.2.1-2.el8 @baseos python3-dmidecode.x86_64 3.12.2-15.el8 @baseos python3-dnf.noarch 4.2.23-4.el8 @baseos python3-dnf-plugins-core.noarch 4.0.17-5.el8 @baseos python3-docutils.noarch 0.14-12.module_el8.3.0+6191+6b4b10ec @appstream python3-ethtool.x86_64 0.14-3.el8 @baseos python3-firewall.noarch 0.8.2-2.el8 @baseos python3-gobject.x86_64 3.28.3-2.el8 @baseos python3-gobject-base.x86_64 3.28.3-2.el8 @baseos python3-gpg.x86_64 1.13.1-3.el8 @baseos python3-hawkey.x86_64 0.48.0-5.el8.alma @baseos python3-idna.noarch 2.5-5.el8 @baseos python3-iniparse.noarch 0.4-31.el8 @baseos python3-inotify.noarch 0.9.6-13.el8 @baseos python3-libcomps.x86_64 0.1.11-4.el8 @baseos python3-libdnf.x86_64 0.48.0-5.el8.alma @baseos python3-librepo.x86_64 1.12.0-2.el8 @baseos python3-libs.x86_64 3.6.8-31.el8.alma @baseos python3-libselinux.x86_64 2.9-4.el8_3 @baseos python3-libsemanage.x86_64 2.9-3.el8 @baseos python3-libstoragemgmt.noarch 1.8.3-2.el8 @baseos python3-libstoragemgmt-clibs.x86_64 1.8.3-2.el8 @baseos python3-libxml2.x86_64 2.9.7-8.el8 @baseos python3-linux-procfs.noarch 0.6.2-2.el8 @baseos python3-nftables.x86_64 1:0.9.3-16.el8 @baseos python3-perf.x86_64 4.18.0-240.22.1.el8_3 @baseos python3-pip.noarch 9.0.3-18.el8 @appstream python3-pip-wheel.noarch 9.0.3-18.el8 @baseos python3-ply.noarch 3.9-8.el8 @baseos python3-policycoreutils.noarch 2.9-9.el8 @baseos python3-pydbus.noarch 0.6.0-5.el8 @baseos python3-pysocks.noarch 1.6.8-3.el8 @baseos python3-pyudev.noarch 0.21.0-7.el8 @baseos python3-pyyaml.x86_64 3.12-12.el8 @baseos python3-requests.noarch 2.20.0-2.1.el8 @baseos python3-rpm.x86_64 4.14.3-4.el8 @baseos python3-rpm-macros.noarch 3-39.el8 @appstream python3-schedutils.x86_64 0.6-6.el8 @baseos python3-setools.x86_64 4.3.0-2.el8 @baseos python3-setuptools.noarch 39.2.0-6.el8 @baseos python3-setuptools-wheel.noarch 39.2.0-6.el8 @baseos python3-six.noarch 1.11.0-8.el8 @baseos python3-slip.noarch 0.6.4-11.el8 @baseos python3-slip-dbus.noarch 0.6.4-11.el8 @baseos python3-sssdconfig.noarch 2.3.0-9.el8 @baseos python3-subscription-manager-rhsm.x86_64 1.27.18-1.el8_3.alma.1 @baseos python3-syspurpose.x86_64 1.27.18-1.el8_3.alma.1 @baseos python3-systemd.x86_64 234-8.el8 @baseos python3-unbound.x86_64 1.7.3-14.el8 @baseos python3-urllib3.noarch 1.24.2-4.el8 @baseos python36.x86_64 3.6.8-2.module_el8.3.0+6191+6b4b10ec @appstream Sorry don't know if I can monospace that here. |
|
Hello. Is issue still occur on 8.4? I still can't reproduce it. |
|
Hi, I've updated the VPS to 8.4 along with all of the latest packages including the Python updates, and the latest kernel. I still get the same error as in the first post, in the traceback. I did a bit of googling to see if I could get extra info from SELinux, so I tried setting the same custom SSH port policy and then tried `sealert -a /var/log/audit/audit.log` to get more info, but this actually leads to another error (sorry to pile on, but maybe this is relevant to SEL as well): Traceback (most recent call last): File "/usr/bin/sealert", line 57, in <module> from setroubleshoot.util import get_identity, load_plugins, log_init, log_debug File "/usr/lib/python3.6/site-packages/setroubleshoot/util.py", line 2, in <module> from six.moves import range ModuleNotFoundError: No module named 'six' |
|
I've installed CentOS 8.4, updated it, migrate to Alma and can't reproduce any of written issues. change port works fine, sealert fine too. P.S. for "ModuleNotFoundError: No module named 'six'" you need to install python3-six |
Date Modified | Username | Field | Change |
---|---|---|---|
2021-04-15 12:06 | luboslives | New Issue | |
2021-04-15 14:00 | alukoshko | Assigned To | => alukoshko |
2021-04-15 14:00 | alukoshko | Status | new => assigned |
2021-04-15 14:02 | alukoshko | Note Added: 0000151 | |
2021-04-16 11:05 | alukoshko | Note Added: 0000153 | |
2021-04-16 11:49 | luboslives | Note Added: 0000154 | |
2021-06-08 19:48 | alukoshko | Note Added: 0000265 | |
2021-06-10 09:55 | luboslives | Note Added: 0000272 | |
2021-07-27 14:23 | sfokin | Note Added: 0000320 | |
2021-09-13 12:41 | alukoshko | Status | assigned => closed |
2021-09-13 12:41 | alukoshko | Resolution | open => fixed |