Bug 468798

Summary: [RHEL5.3] audit test fails "root:system_r:unconfined_t is not a valid context"
Product: Red Hat Enterprise Linux 5 Reporter: Jeff Burke <jburke>
Component: mcstransAssignee: Daniel Walsh <dwalsh>
Status: CLOSED ERRATA QA Contact: BaseOS QE <qe-baseos-auto>
Severity: high Docs Contact:
Priority: medium    
Version: 5.3CC: benl, duck, dzickus, lwang, pbunyan, sgrubb, syeghiay
Target Milestone: rcKeywords: Regression, TestBlocker
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://rhts.redhat.com/cgi-bin/rhts/test_log.cgi?id=4832968
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-01-20 22:07:55 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
README.run none

Description Jeff Burke 2008-10-28 02:22:19 UTC 
Description of problem:
 When running the LTP SElinux and the HP audit-test-2090 test suites they both fail with the same error message:
root:system_r:unconfined_t is not a valid context

Version-Release number of selected component (if applicable):
RHEL5.3-Server-20081020.1

How reproducible:
Always

Steps to Reproduce:
1. Using the Beta tree RHEL5.3-Server-20081020.1 run either of the following tests. /kernel/security/audit/audit-test-2090 or /kernel/security/selinux/ltp-selinux/20080229
  
Actual results:
<snip>
make[2]: Leaving directory `/mnt/tests/kernel/security/audit/audit-test-2090/audit-test/utils'
make[1]: Leaving directory `/mnt/tests/kernel/security/audit/audit-test-2090/audit-test'
echo "Done building for i386"
Done building for i386
chmod +x ./runtest.sh
./runtest.sh
Changing password for user eal.
passwd: all authentication tokens updated successfully.
Stopping auditd: [  OK  ]
Starting auditd: [  OK  ]
Starting vsftpd for vsftpd: [  OK  ]
***** Starting the runtest.sh script *****
***** Current Test Version = rh-tests-kernel-security-audit-audit-test-2090-1.0 *****
***** Current Running Kernel Package = kernel-2.6.18-120.el5dz_test2.i686 *****
***** Test Start Time: Sat Oct 25 03:02:20 EDT 2008 *****
/mnt/tests/kernel/security/audit/audit-test-2090/audit-test/audit-tools /mnt/tests/kernel/security/audit/audit-test-2090/audit-test
root:system_r:unconfined_t is not a valid context
audit-tools Failed zero Length logs: 
/mnt/tests/kernel/security/audit/audit-test-2090/audit-test
***** Test Stop Time: Sat Oct 25 03:02:20 EDT 2008 *****
***** End of runtest.sh *****
</snip>

Expected results:
This should pass

Additional info:
These tests were working as RHEL5.3-Server-20080814.nightly

Spoke with Steve Grubb:
"HP said that we had a labeling problem and for us to go review the README file."
Not sure what labeling issue we supposedly have or what README file we should read. But this has nothing to do with the audit-test or the LTP SELinux tests. I believe that is has more to do with the way these test are spawned in RHTS. But I am not specifically sure what the error means.

If I take the tests(audit-test, LTP selinux) completely out of the picture. Just using a freshly installed RHEL5-U2 systems and run the following command:
 /usr/bin/runcon root:system_r:unconfined_t -- ls
I get a directory listing:
 anaconda-ks.cfg install.log install.log.syslog ks-post.log 

If I install a system with RHEL5.3-Server-20081020.1 (AKA BETA)
and run the same command:
 /usr/bin/runcon root:system_r:unconfined_t -- ls
It fails with the following message:
 root:system_r:unconfined_t is not a valid context

Same error that is reported by the tests.
Comment 4 Jeff Burke 2008-10-28 13:51:44 UTC 
Created attachment 321695 [details]
README.run
Comment 11 Daniel Walsh 2008-10-28 23:43:48 UTC 
I think the problem is your test is relying on mcstrans running.  In the failure case it is not running.

root:system_r:unconfined_t:s0 

Is correct,  You should never rely in a test on translation daemon being run or the translations being the same.
Comment 15 Daniel Walsh 2008-10-29 14:41:28 UTC 
Fixed in mcstrans-0.2.11-2.el5
Comment 21 errata-xmlrpc 2009-01-20 22:07:55 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-0231.html