OwlCyberDefense / setools

setools has moved to https://github.com/SELinuxProject/setools

Setools v4 on Fedora 27 #183

Closed annfry closed 6 years ago

annfry commented 6 years ago

Hi there, any help would be appreciated on building these tools (and yes I know there is a package, but I was hoping to use the GitHub copy 4.1.1).

Here’s the dependencies I have installed:

From the fedora 23 page I also made sure to install:

When I try to build master - the error is:

libqpol/policy_scan.c: In function ‘yy_scan_bytes’:
libqpol/policy_scan.c:3254:17: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]
  for ( i = 0; i < _yybytes_len; ++i )
                 ^
cc1: all warnings being treated as errors
error: command 'gcc' failed with exit status 1

When I try to build 4.0 the error is:

libqpol/ftrule_query.c: In function ‘filename_trans_state_next’:
libqpol/ftrule_query.c:79:21: error: ‘filename_trans_t {aka struct filename_trans}’ has no member named ‘next’
  fts->cur = fts->cur->next;
                     ^~
libqpol/ftrule_query.c: In function ‘filename_trans_state_size’:
libqpol/ftrule_query.c:96:38: error: ‘filename_trans_t {aka struct filename_trans}’ has no member named ‘next’
  for (tmp = fts->head; tmp; tmp = tmp->next)
                                      ^~
libqpol/ftrule_query.c: In function ‘qpol_policy_get_filename_trans_iter’:
libqpol/ftrule_query.c:125:23: error: assignment from incompatible pointer type [-Werror=incompatible-pointer-types]
  fts->head = fts->cur = db->filename_trans;
                       ^
libqpol/ftrule_query.c: In function ‘qpol_filename_trans_get_default_type’:
libqpol/ftrule_query.c:227:53: error: ‘filename_trans_t {aka struct filename_trans}’ has no member named ‘otype’; did you mean ‘stype’?
  *dflt = (qpol_type_t *) db->type_val_to_struct[ft->otype - 1];
                                                     ^~~~~
                                                     stype
cc1: all warnings being treated as errors
error: command 'gcc' failed with exit status 1

When I try to build 4.1 the error is:

libqpol/policy_extend.c: In function ‘policy_extend’:
libqpol/policy_extend.c:161:27: error: ‘%04zd’ directive output may be truncated writing between 4 and 10 bytes into a region of size 5 [-Werror=format-truncation=]
    snprintf(buff, 9, "@ttr%04zd", i + 1);
                           ^~~~~
libqpol/policy_extend.c:161:22: note: directive argument in the range [1, 4294967295]
    snprintf(buff, 9, "@ttr%04zd", i + 1);
                      ^~~~~~~~~~~
libqpol/policy_extend.c:161:4: note: ‘snprintf’ output between 9 and 15 bytes into a destination of size 9
    snprintf(buff, 9, "@ttr%04zd", i + 1);
    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cc1: all warnings being treated as errors
error: command 'gcc' failed with exit status 1

Does anyone have any idea as to how I can build these on my own system? I have also tried downloading the zips of each of the releases, and they each give the same errors.

fishilico commented 6 years ago

Hi,

libqpol/policy_scan.c:3254:17: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]

The last time I encountered this error was when using flex 2.6.1. I believe this has been fixed in flex 2.6.2 with https://github.com/westes/flex/commit/cf4121fa97abac8aeaa5e08b8fc0b2380228494e . What version are you using? Does this issue still occur with flex 2.6.4?

libqpol/ftrule_query.c:79:21: error: ‘filename_trans_t {aka struct filename_trans}’ has no member named ‘next’

libsepol changed its API in its release 2.7 (cf. https://github.com/SELinuxProject/selinux/commit/8fdb2255215a1f1488b613737b5fbffb873d8376#diff-49a4d9d14c381a0d62a222c4443a96a5L165). Therefore setools 4.0 is incompatible with libsepol >= 2.7.

libqpol/policy_extend.c:161:27: error: ‘%04zd’ directive output may be truncated writing between 4 and 10 bytes into a region of size 5 [-Werror=format-truncation=]

This has been reported in https://github.com/TresysTechnology/setools/pull/181 and fixed on branch master with commit https://github.com/TresysTechnology/setools/commit/e41adf01647c695b80b112b337e76021bb9f30c3 . If you backport this commit, do you get the first error message you reported?
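The `-Werror=format-truncation=` error quoted above is GCC noticing that `"@ttr%04zd"` can need more than the 9 bytes passed to `snprintf`. The following is an added example, not setools code and not the change made in the linked commit; the function names and indices are constructed. It shows that the truncated result of one index can equal the full name of another, and how checking `snprintf`'s return value catches it.

```c
#include <stdio.h>
#include <string.h>

/* Flagged shape: 9-byte destination, "@ttr" + at-least-4-digit index.
 * Uses %zu for size_t (the quoted line uses %zd). Returns the length
 * snprintf wanted to write, not counting the terminating NUL. */
static int name_fixed9(char out[9], size_t i)
{
    return snprintf(out, 9, "@ttr%04zu", i + 1);
}

/* Bytes needed for index i, including the NUL (0 on encoding error). */
static size_t name_needed(size_t i)
{
    int n = snprintf(NULL, 0, "@ttr%04zu", i + 1);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* Checked variant: truncation is reported instead of silently accepted. */
static int name_checked(char *out, size_t outsz, size_t i)
{
    int n = snprintf(out, outsz, "@ttr%04zu", i + 1);
    return (n < 0 || (size_t)n >= outsz) ? -1 : n;
}

int main(void)
{
    char a[9], b[9], big[16];
    /* Constructed indices: 999 fits, 9999 needs one byte more than fits. */
    int na = name_fixed9(a, 999);
    int nb = name_fixed9(b, 9999);
    printf("i=999  -> \"%s\" (wanted %d chars)\n", a, na);
    printf("i=9999 -> \"%s\" (wanted %d chars)\n", b, nb);
    printf("names collide: %s\n", strcmp(a, b) == 0 ? "yes" : "no");
    printf("needed for i=9999: %zu bytes\n", name_needed(9999));
    printf("checked, 9 bytes:  %d\n", name_checked(b, sizeof b, 9999));
    printf("checked, 16 bytes: %d (\"%s\")\n",
           name_checked(big, sizeof big, 9999), big);
    return 0;
}
```

Building without `-Werror` turns this diagnostic into a warning; the 9-byte call still truncates for indices of five or more digits.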

annfry commented 6 years ago

That’s correct. I was using flex 2.6.1, will update you further after trying the latest version from GitHub.

….

So I downloaded and installed flex version 2.6.4 and I tried to build master with the following results:

python3 setup build_ext

No errors!

python3 setup build

No errors!

then

Python3 setup.py install

First it said I don’t have permission to install in a specific directory, so I ran as root:

And I get:

libqpol/policy_scan.c: In function ‘yy_scan_bytes’:
libqpol/policy_scan.c:3254:17: error: comparison between signed and unsigned integer expressions [-Werror=sign-compare]
  for ( i = 0; i < _yybytes_len; ++i )
                 ^
cc1: all warnings being treated as errors
error: command 'gcc' failed with exit status 1

Same error with 4.1 with flex version 2.6.4 -

libqpol/policy_extend.c:161:27: error: ‘%04zd’ directive output may be truncated writing between 4 and 10 bytes into a region of size 5 [-Werror=format-truncation=]

From which I understand that I’m supposed to downgrade my libsepol?

Thanks,

Ann


fishilico commented 6 years ago

then Python3 setup.py install First it said I don’t have permission to install in a specific directory, so I ran as root:

What about using the --skip-build option in order not to build the project again as root? The error you got suggests that setup.py uses flex 2.6.1 when run as root. Do the following commands work?

python3 setup.py build
sudo python3 setup.py install --skip-build

Anyway, all the errors you get with SETools 4.1 can be silenced by removing -Werror from setup.py, i.e. by replacing

extra_compile_args=['-Werror', '-Wextra',

with

extra_compile_args=['-Wextra',

Does this fix your issues?

annfry commented 6 years ago

Thank you very much! I have it installed. I had to make sure that it was using flex 2.6.4 from root, so copied it to /bin, and the install finished. I’ll mark the issue as fixed. This was for master.

Ann


annfry commented 6 years ago

Not sure if this should be a new issue, or related to the previous issue, but I am attempting to run apol. I first tried without specifying a policy and then with a policy, and I get the same error:

$ apol policy.31
Traceback (most recent call last):
  File "/usr/bin/apol", line 4, in <module>
    __import__('pkg_resources').run_script('setools==4.2.dev0', 'apol')
  File "/usr/lib/python3.6/site-packages/pkg_resources/__init__.py", line 750, in run_script
    self.require(requires)[0].run_script(script_name, ns)
  File "/usr/lib/python3.6/site-packages/pkg_resources/__init__.py", line 1524, in run_script
    exec(code, namespace, namespace)
  File "/usr/lib64/python3.6/site-packages/setools-4.2.dev0-py3.6-linux-x86_64.egg/EGG-INFO/scripts/apol", line 25, in <module>
    import setools
  File "/usr/lib64/python3.6/site-packages/setools-4.2.dev0-py3.6-linux-x86_64.egg/setools/__init__.py", line 77, in <module>
    from .infoflow import InfoFlowAnalysis
  File "/usr/lib64/python3.6/site-packages/setools-4.2.dev0-py3.6-linux-x86_64.egg/setools/infoflow.py", line 24, in <module>
    from networkx.exception import NetworkXError, NetworkXNoPath, NodeNotFound
ImportError: cannot import name 'NodeNotFound'

This was because of an older version of networkx, I have made sure to use 2.1 and verified this with pip3 list, and now my error message is:

extensions/gdal_wrap.cpp:9308:7: error: ‘VSICurlClearCache’ was not declared in this scope
   VSICurlClearCache();
   ^~~~~
extensions/gdal_wrap.cpp:9308:7: note: suggested alternative: ‘_wrap_VSICurlClearCache’
   VSICurlClearCache();
   ^~~~~
   _wrap_VSICurlClearCache
error: command 'gcc' failed with exit status 1

fishilico commented 6 years ago

ImportError: cannot import name 'NodeNotFound'

I confirm this error meant you were using networkx<2.0, which is not compatible with setools since commit https://github.com/TresysTechnology/setools/commit/856b56accba14b0296e608b7f05bead2d63ca542.

extensions/gdal_wrap.cpp:9308:7: error: ‘VSICurlClearCache’ was not declared in this scope

This seems to be an issue with GDAL and mismatched Python bindings (I have found extensions/gdal_wrap.cpp files in https://github.com/nextgis/pygdal). This is very strange because setools does not use the Geospatial Data Abstraction Library and I am very surprised that apol tries to compile pygdal when running. How did this error message occur when you ran apol? Were there other messages which might suggest what apol was trying to perform?

annfry commented 6 years ago

so sorry, I was trying to get the networkx[all] to install and that was from that error. this is the error I get when I ran apol against the current fedora policy:

    import networkx.utils
  File "/home/bstark/devel/github/networkx/networkx/utils/__init__.py", line 2, in <module>
    from networkx.utils.decorators import *
  File "/home/bstark/devel/github/networkx/networkx/utils/decorators.py", line 8, in <module>
    from decorator import decorator
ModuleNotFoundError: No module named 'decorator'

which doesn't make sense to me because decorator is already installed via pip, which is why I was trying to upgrade networkx, but then received the message from above. when I do pip list it says decorator is version 4.2.1

so I had to install it using:

python3 -m pip install decorator

even though it said it was already installed using pip list..... apol now opens.