Bug 1477236

Summary: sealert advice is useless if AVC contains command in hexadecimal form
Product: Red Hat Enterprise Linux 7 Reporter: Milos Malik <mmalik>
Component: setroubleshootAssignee: Vit Mojzis <vmojzis>
Status: CLOSED ERRATA QA Contact: Milos Malik <mmalik>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.4CC: lvrabec, mmalik, plautrba
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
: 1649840 (view as bug list) Environment:
Last Closed: 2019-08-06 13:00:39 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Milos Malik 2017-08-01 14:31:17 UTC 
Description of problem:
* filed with upstream as https://github.com/fedora-selinux/setroubleshoot/issues/56

Version-Release number of selected component (if applicable):
setroubleshoot-server-3.2.28-3.el7.x86_64
setroubleshoot-3.2.28-3.el7.x86_64
setroubleshoot-plugins-3.0.65-1.el7.noarch

How reproducible:
* always

Steps to Reproduce:
1. install setroubleshoot-server and setroubleshoot-plugins packages
2. generate an AVC using a command which has a space in its name
3. sealert -l '*'
4. follow the advice given by catchall plugin

Actual results:
* the ausearch command mentioned in the sealert advice does not find any SELinux denials

Expected results:
* the ausearch command mentioned in the sealert advice does find the SELinux denials
Comment 2 Vit Mojzis 2019-02-25 17:30:22 UTC 
https://github.com/fedora-selinux/setroubleshoot/commit/1f8ab12a770f0b84e397a40abc3d0cd67c99958d
Comment 6 errata-xmlrpc 2019-08-06 13:00:39 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:2168