[semanage] [python-sepol] semanage crashes on systems without policy

[schmittlauch]

The semanage tool crashes on systems without installed policies:

# semanage
Traceback (most recent call last):
  File "/usr/sbin/semanage", line 28, in <module>
    import seobject
  File "/usr/lib/python3.4/site-packages/seobject.py", line 1039, in <module>
    class portRecords(semanageRecords):
  File "/usr/lib/python3.4/site-packages/seobject.py", line 1041, in portRecords
    valid_types = list(list(sepolicy.info(sepolicy.ATTRIBUTE, "port_type"))[0]["types"])
  File "/usr/lib/python3.4/site-packages/sepolicy/__init__.py", line 196, in <genexpr>
    return ({
  File "/usr/lib/python3.4/site-packages/setools/typeattrquery.py", line 65, in results
    for attr in self.policy.typeattributes():
AttributeError: 'NoneType' object has no attribute 'typeattributes'

This is caused by sepol (the python module) setting the global _pol variable to None – something setools.TypeAttributeQuery can't deal with.

platform details:

python3-modules used with python-3.4.3
distribution: mer
libselinux/ libsepol/ libsemanage/ policycoreutils: v2.7
python3-setools: 4.1.1

disclaimer: policycoreutils and setools are customly packaged, this is a possible (but unlikely) error source

[stephensmalley]

Reproduced upstream, e.g. just mv /etc/selinux /etc/selinux.old and try running semanage as above.

[fishilico]

This behavior is mainly due to having valid_types = list(list(sepolicy.info(... in class definitions instead of having them in class constructors (in seobject.py). This makes it harder to catch the fact that no policy is loaded.
I suggest moving the valid_types definitions to class constructors, to give importers of seobject.py the possibility to display a nice error message if no policy is loaded (or to specify a policy to be loaded).
What do you think of this?