Bug#912982: reportbug: ssl fails with selinux enforcing mode
Package: reportbug
Version: 7.1.7+deb9u2
Severity: normal
Dear Maintainer,
I am trying to use reportbug on a selinux-enabled system in enforcing mode.
It fails due to this AVC denial in the audit.log:
type=AVC msg=audit(1541420721.386:9317): avc: denied { execmem } for pid=17668 comm="reportbug" scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=process permissive=0
Here is the output of the reportbug session:
Please enter the name of the package in which you have found a problem, or type
'other' to report a more general problem. If you don't know what package the bug is
in, please contact debian-user@lists.debian.org for assistance.
> nodejs
*** Welcome to reportbug. Use ? for help at prompts. ***
Note: bug reports are publicly archived (including the email address of the submitter).
Detected character set: UTF-8
Please change your locale if this is incorrect.
Using 'Jade McCormick <jade@cerberus.heptet.us>' as your from address.
Getting status for nodejs...
Checking for newer versions at madison...
Traceback (most recent call last):
File "/usr/bin/reportbug", line 2266, in <module>
main()
File "/usr/bin/reportbug", line 1109, in main
return iface.user_interface()
File "/usr/bin/reportbug", line 1625, in user_interface
http_proxy=self.options.http_proxy, arch=arch)
File "/usr/lib/python3/dist-packages/reportbug/checkversions.py", line 177, in check_
available
stuff = get_versions_available(package, timeout, dists, http_proxy, arch)
File "/usr/lib/python3/dist-packages/reportbug/checkversions.py", line 87, in get_ver
sions_available
page = open_url(url)
File "/usr/lib/python3/dist-packages/reportbug/urlutils.py", line 151, in open_url
page = urlopen(url, proxies, timeout)
File "/usr/lib/python3/dist-packages/reportbug/urlutils.py", line 115, in urlopen
return requests.get(url, headers).text
File "/usr/lib/python3/dist-packages/requests/api.py", line 75, in get
Please enter the name of the package in which you have found a problem, or type
'other' to report a more general problem. If you don't know what package the bug is
in, please contact debian-user@lists.debian.org for assistance.
> nodejs
*** Welcome to reportbug. Use ? for help at prompts. ***
Note: bug reports are publicly archived (including the email address of the submitter).
Detected character set: UTF-8
Please change your locale if this is incorrect.
Using 'Jade McCormick <jade@cerberus.heptet.us>' as your from address.
Getting status for nodejs...
Checking for newer versions at madison...
Traceback (most recent call last):
File "/usr/bin/reportbug", line 2266, in <module>
main()
File "/usr/bin/reportbug", line 1109, in main
return iface.user_interface()
File "/usr/bin/reportbug", line 1625, in user_interface
http_proxy=self.options.http_proxy, arch=arch)
File "/usr/lib/python3/dist-packages/reportbug/checkversions.py", line 177, in check_
available
stuff = get_versions_available(package, timeout, dists, http_proxy, arch)
File "/usr/lib/python3/dist-packages/reportbug/checkversions.py", line 87, in get_ver
sions_available
page = open_url(url)
File "/usr/lib/python3/dist-packages/reportbug/urlutils.py", line 151, in open_url
page = urlopen(url, proxies, timeout)
File "/usr/lib/python3/dist-packages/reportbug/urlutils.py", line 115, in urlopen
return requests.get(url, headers).text
File "/usr/lib/python3/dist-packages/requests/api.py", line 75, in get
return request('get', url, params=params, **kwargs)
File "/usr/lib/python3/dist-packages/requests/api.py", line 60, in request
return session.request(method=method, url=url, **kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 524, in request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 637, in send
r = adapter.send(request, **kwargs)
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 449, in send
timeout=timeout
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 600, in urlopen
chunked=chunked)
return session.request(method=method, url=url, **kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 524, in request
resp = self.send(prep, **send_kwargs)
File "/usr/lib/python3/dist-packages/requests/sessions.py", line 637, in send
r = adapter.send(request, **kwargs)
File "/usr/lib/python3/dist-packages/requests/adapters.py", line 449, in send
timeout=timeout
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 600, in urlopen
chunked=chunked)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 343, in _make_r
equest
self._validate_conn(conn)
File "/usr/lib/python3/dist-packages/urllib3/connectionpool.py", line 841, in _valida
te_conn
conn.connect()
File "/usr/lib/python3/dist-packages/urllib3/connection.py", line 332, in connect
cert_reqs=resolve_cert_reqs(self.cert_reqs),
File "/usr/lib/python3/dist-packages/urllib3/util/ssl_.py", line 281, in create_urlli
b3_context
context.verify_mode = cert_reqs
File "/usr/lib/python3/dist-packages/urllib3/contrib/pyopenssl.py", line 412, in veri
fy_mode
_verify_callback
File "/usr/lib/python3/dist-packages/OpenSSL/SSL.py", line 1108, in set_verify
self._verify_helper = _VerifyHelper(callback)
File "/usr/lib/python3/dist-packages/OpenSSL/SSL.py", line 333, in __init__
"int (*)(int, X509_STORE_CTX *)", wrapper)
SystemError: <built-in method callback of CompiledFFI object at 0x7fbba6efea40> returne
d NULL without setting an error
-- Package-specific info:
** Environment settings:
VISUAL="emacs"
INTERFACE="text"
** /home/user/j/jade/.reportbugrc:
reportbug_version "7.5.0"
mode standard
ui text
no-cc
header "X-Debbugs-CC: jade@cerberus.heptet.us"
smtphost reportbug.debian.org
-- System Information:
Debian Release: 9.5
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.9.0-8-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages reportbug depends on:
ii apt 1.4.8
ii python3 3.5.3-1
ii python3-reportbug 7.1.7+deb9u2
reportbug recommends no packages.
Versions of packages reportbug suggests:
pn claws-mail <none>
pn debconf-utils <none>
pn debsums <none>
pn dlocate <none>
pn emacs24-bin-common | emacs25-bin-common <none>
ii exim4 4.89-2+deb9u3
ii exim4-daemon-light [mail-transport-agent] 4.89-2+deb9u3
ii file 1:5.30-1+deb9u2
pn gir1.2-gtk-3.0 <none>
pn gir1.2-vte-2.91 <none>
ii gnupg 2.1.18-8~deb9u2
ii python3-gi 3.22.0-2
ii python3-gi-cairo 3.22.0-2
pn python3-gtkspellcheck <none>
pn python3-urwid <none>
ii xdg-utils 1.1.1-1+deb9u1
Versions of packages python3-reportbug depends on:
ii apt 1.4.8
ii file 1:5.30-1+deb9u2
ii python3 3.5.3-1
ii python3-apt 1.4.0~beta3
ii python3-debian 0.1.30
ii python3-debianbts 2.6.1
ii python3-requests 2.12.4-1
python3-reportbug suggests no packages.
-- no debconf information
Reply to: