Bug 1412607
| Summary: | Usage of consoletype_exec() leads to module loading error | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Thomas Mueller <mueller> | ||||
| Component: | selinux-policy | Assignee: | Lukas Vrabec <lvrabec> | ||||
| Status: | CLOSED WONTFIX | QA Contact: | BaseOS QE Security Team <qe-baseos-security> | ||||
| Severity: | low | Docs Contact: | |||||
| Priority: | low | ||||||
| Version: | 7.3 | CC: | lvrabec, mgrepl, mmalik, plautrba, pvrabec, ssekidde | ||||
| Target Milestone: | rc | ||||||
| Target Release: | --- | ||||||
| Hardware: | x86_64 | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2017-08-17 11:19:34 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | |||||||
| Bug Blocks: | 1393066 | ||||||
| Attachments: |
|
||||||
This module is not part of RHEL SELinux distribution policy. We don't support this. Closing asi WONTFIX. it's not about the symantec policy. its about the consoletype_* interfaces defined in /usr/share/selinux/devel/include/admin/consoletype.if which are IMHO a leftover. |
Created attachment 1239876 [details] symantec_ap selinux policy Description of problem: can't load own selinux module which compiles fine: #> semodule -i symantec_ap.pp Failed to resolve typeattributeset statement at /etc/selinux/targeted/modules/400/symantec_ap/cil:42 semodule: Failed! Version-Release number of selected component (if applicable): RHEL 7.3 with selinux-policy-devel 3.13.1-102.el7_3.7 How reproducible: every time Steps to Reproduce: 1. compile attached symantec_ap.te with make -f /usr/share/selinux/devel/Makefile 2. semodule -i symantec_ap.pp Actual results: semodule fails Expected results: make already should fail because consoletype_* attributes are nomore provided with RHEL 7.3 Additional info: * consoletype_* interfaces are provided with /usr/share/selinux/devel/include/admin/consoletype.if and I think they should be removed. * "seinfo -a | grep consoletype" does not show anything * the interfaces are still present on Fedora 25 * the attached symantec_ap.te file works on RHEL 7.2