Bug 441402
| Summary: | audit2allow parses 'granted' audit entries like they were 'denied' | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 5 | Reporter: | Jeffrey Karrels <jeffrey.karrels> |
| Component: | policycoreutils | Assignee: | Daniel Walsh <dwalsh> |
| Status: | CLOSED ERRATA | QA Contact: | Ben Levenson <benl> |
| Severity: | medium | Docs Contact: | |
| Priority: | low | ||
| Version: | 5.1 | CC: | dwalsh, mkoci, pgraner |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2009-01-20 22:00:36 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Dan will have to extract the bug fix from sepolgen upstream and back port it. We need to take the upgraded package and backport This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release. Fixed in policycoreutils-1.33.12-14.1.el5 User jkubin's account has been closed An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2009-0206.html |
From Bugzilla Helper: User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.13 Description of problem: I turned on auditing for a couple of rules so I can keep an eye on domain transitions. That creates some entries in the audit log such as: "avc: granted { transition } for pid=3409 ". When I run audit2allow on that entry, audit2allow creates a rule for that entry as if the entry were a 'denied' rather than a 'granted'. It came into being an issue when I was ignoring the allow transition entries, and there was an actual 'denied' audit (hidden amongst the granted transitions [for mls reasons]) that I was not catching when manually going through the logs. Version-Release number of selected component (if applicable): policycoreutils-1.33.12-12.el5 How reproducible: Always Steps to Reproduce: 1. Turn on auditing for a domain transition by 'auditallow'ing the domain_auto_trans macro in the misc_patterns.spt file. 2. Run a process with a domain transition in it. 3. Run audit2allow on the audit log. Actual Results: Audit2allow displays rules for the 'granted' transitions as if they were 'denied' Expected Results: Audit2allow should have not generated the rules for the 'granted' transitions. Additional info: