
[BUG] SELinux.fcontext_add_policy fails when using hyphen in filespec.

Open Munteano opened this issue 5 months ago • 1 comments

Description

When running the SELinux fcontext_add_policy with a filespec that contains a hyphen in the name of the directory, the state fails with ValueError: File context for /vol/apache/dummy/bla-bla(/.*)? is not defined, while setting the fcontext with semanage directly works with hyphens.

Setup

Salt-master on Rocky-Linux to salt-minion on Amazon Linux 2023

Please be as specific as possible and give set-up details.

  • [ ] on-prem machine
  • [ ] VM (Virtualbox, KVM, etc. please specify)
  • [x] VM running on a cloud service, please be explicit and add details: Running on latest Amazon Linux 2023 Image
  • [ ] container (Kubernetes, Docker, containerd, etc. please specify)
  • [ ] or a combination, please be explicit
  • [ ] jails if it is FreeBSD
  • [ ] classic packaging
  • [x] onedir packaging
  • [x] used bootstrap to install

Steps to Reproduce the behavior

Running the selinux state like this:

salt 'amazon2023-dev-1' selinux.fcontext_add_policy '/vol/apache/dummy/bla-bla(/.*)?' sel_type=httpd_sys_content_t
amazon2023-dev-1:
    ----------
    pid:
        24222
    retcode:
        1
    stderr:
        ValueError: File context for /vol/apache/dummy/bla-bla(/.*)? is not defined
    stdout:

Running the fcontext_get_policy returns

salt 'amazon2023-dev-1' selinux.fcontext_get_policy "/vol/apache/dummy/bla-bla(/.*)?"
amazon2023-dev-1:
    The minion function caused an exception: Traceback (most recent call last):
      File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/minion.py", line 1969, in _thread_return
        return_data = minion_instance._execute_job_function(
      File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/minion.py", line 1925, in _execute_job_function
        return_data = self.executors[fname](opts, data, func, args, kwargs)
      File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/loader/lazy.py", line 160, in __call__
        ret = self.loader.run(run_func, *args, **kwargs)
      File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/loader/lazy.py", line 1269, in run
        return self._last_context.run(self._run_as, _func_or_method, *args, **kwargs)
      File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/loader/lazy.py", line 1284, in _run_as
        return _func_or_method(*args, **kwargs)
      File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/executors/direct_call.py", line 10, in execute
        return func(*args, **kwargs)
      File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/loader/lazy.py", line 160, in __call__
        ret = self.loader.run(run_func, *args, **kwargs)
      File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/loader/lazy.py", line 1269, in run
        return self._last_context.run(self._run_as, _func_or_method, *args, **kwargs)
      File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/loader/lazy.py", line 1284, in _run_as
        return _func_or_method(*args, **kwargs)
      File "/opt/saltstack/salt/lib/python3.10/site-packages/salt/modules/selinux.py", line 507, in fcontext_get_policy
        "filespec": parts.group(1).strip(),
    AttributeError: 'NoneType' object has no attribute 'group'

While running it directly on VM with semanage

[root@amazon2023-dev-1 apache]# semanage fcontext -a -t httpd_sys_content_t '/vol/apache/dummy/bla-bla(/.*)?'
[root@amazon2023-dev-1 apache]# semanage fcontext -l | grep bla-bla
/vol/apache/dummy/bla-bla(/.*)?                    all files          system_u:object_r:httpd_sys_content_t:s0

Expected behavior

Running the same state without hyphen

salt 'amazon2023-dev-1' selinux.fcontext_add_policy '/vol/apache/dummy/blabla(/.*)?' sel_type=httpd_sys_content_t
amazon2023-dev-1:
    ----------
    pid:
        24209
    retcode:
        0
    stderr:
    stdout:


Versions Report

Minion:
[root@amazon2023-dev-1 /]# salt-minion --version
salt-minion 3007.1 (Chlorine)

salt --versions-report (Provided by running salt --versions-report. Please also mention any differences in master/minion versions.)
Salt Version:
          Salt: 3007.1

Python Version:
        Python: 3.10.14 (main, Apr  3 2024, 21:30:09) [GCC 11.2.0]

Dependency Versions:
          cffi: 1.16.0
      cherrypy: unknown
      dateutil: 2.8.2
     docker-py: Not Installed
         gitdb: Not Installed
     gitpython: Not Installed
        Jinja2: 3.1.4
       libgit2: Not Installed
  looseversion: 1.3.0
      M2Crypto: Not Installed
          Mako: Not Installed
       msgpack: 1.0.7
  msgpack-pure: Not Installed
  mysql-python: Not Installed
     packaging: 23.1
     pycparser: 2.21
      pycrypto: Not Installed
  pycryptodome: 3.19.1
        pygit2: Not Installed
  python-gnupg: 0.5.2
        PyYAML: 6.0.1
         PyZMQ: 25.1.2
        relenv: 0.16.0
         smmap: Not Installed
       timelib: 0.3.0
       Tornado: 6.3.3
           ZMQ: 4.3.4

Salt Package Information:
  Package Type: onedir

System Versions:
          dist: rocky 8.10 Green Obsidian
        locale: utf-8
       machine: x86_64
       release: 4.18.0-553.8.1.el8_10.x86_64
        system: Linux
       version: Rocky Linux 8.10 Green Obsidian

Additional context

Running the same command on a minion with Amazon Linux 2 works fine. My first contribution to the SaltStack community, please let me know if you need more info. Thanks!

Munteano, Aug 28 '24 12:08
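The traceback in the report ends with `parts.group(1)` being called on a failed match. As an added example (not Salt's code and not from the issue author), the sketch below looks up a filespec in `semanage fcontext -l` output by literal string comparison, so hyphens and regex metacharacters in the filespec need no escaping and a missing entry yields `None` instead of an exception. The names `FILE_TYPES`, `SAMPLE`, `parse_line` and `get_policy` are hypothetical; the long-path line and the noise line in the sample are constructed.

```python
# Added example: not Salt's code. Parses `semanage fcontext -l` lines by literal
# comparison instead of building a regular expression from the filespec.
FILE_TYPES = (  # file-type labels printed in the listing's second column
    "all files", "regular file", "directory", "character device",
    "block device", "socket", "symbolic link", "named pipe",
)

# Constructed sample listing; the bla-bla entry is the line shown in the report.
SAMPLE = """\
SELinux fcontext                                   type               Context

/vol/apache/dummy/blabla(/.*)?                     all files          system_u:object_r:httpd_sys_content_t:s0
/vol/apache/dummy/bla-bla(/.*)?                    all files          system_u:object_r:httpd_sys_content_t:s0
/vol/apache/a-very-long-directory-name-that-exceeds-the-column(/.*)? directory system_u:object_r:httpd_sys_content_t:s0:c0.c1023
warning: constructed noise line written to the same stream
"""


def parse_line(line):
    """Return a dict for one listing line, or None if it is not an entry."""
    # The context is the last whitespace-separated token on the line.
    head, _, context = line.strip().rpartition(" ")
    head = head.rstrip()
    for ftype in FILE_TYPES:
        if head.endswith(" " + ftype):
            filespec = head[: -len(ftype)].rstrip()
            break
    else:
        return None  # header, blank line or unrelated output
    if context.count(":") < 3:
        return None  # e.g. a <<None>> context; skipped in this sketch
    # maxsplit=3 keeps an MLS range such as s0:c0.c1023 in one piece.
    user, role, sel_type, level = context.split(":", 3)
    return {"filespec": filespec, "filetype": ftype, "sel_user": user,
            "sel_role": role, "sel_type": sel_type, "sel_level": level}


def get_policy(listing, name, filetype="all files"):
    """Exact, literal lookup of `name`; None when no entry is defined."""
    for line in listing.splitlines():
        entry = parse_line(line)
        if entry and entry["filespec"] == name and entry["filetype"] == filetype:
            return entry
    return None
```
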