Bug 619285
Summary: | staff_u user cannot run "Applications -> System Tools -> SELinux Audit Log Analysis" | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Milos Malik <mmalik> | ||||||
Component: | selinux-policy | Assignee: | Daniel Walsh <dwalsh> | ||||||
Status: | CLOSED WONTFIX | QA Contact: | BaseOS QE Security Team <qe-baseos-security> | ||||||
Severity: | medium | Docs Contact: | |||||||
Priority: | low | ||||||||
Version: | 6.0 | Keywords: | RHELNAK | ||||||
Target Milestone: | rc | ||||||||
Target Release: | --- | ||||||||
Hardware: | All | ||||||||
OS: | Linux | ||||||||
Whiteboard: | |||||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||||
Doc Text: | Story Points: | --- | |||||||
Clone Of: | Environment: | ||||||||
Last Closed: | 2010-07-29 13:44:40 UTC | Type: | --- | ||||||
Regression: | --- | Mount Type: | --- | ||||||
Documentation: | --- | CRM: | |||||||
Verified Versions: | Category: | --- | |||||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
Cloudforms Team: | --- | Target Upstream Version: | |||||||
Embargoed: | |||||||||
Attachments: |
|
Description
Milos Malik
2010-07-29 07:28:03 UTC
This issue has been proposed when we are only considering blocker issues in the current Red Hat Enterprise Linux release. ** If you would still like this issue considered for the current release, ask your support representative to file as a blocker on your behalf. Otherwise ask that it be considered for the next Red Hat Enterprise Linux release. ** Created attachment 435233 [details]
AVCs caught during the action
Created attachment 435234 [details]
screenshot taken immediately after the action
The same problem arises if the user runs Applications -> System Tools -> SELinux Policy Generation Tool . I know that staff_u user is not able to run some programs, but the user should be at least allowed to read the message in the window (see the attached screenshot). It is questionable whether a staff_t user should be able to look at log files. The selinux policy generation is also tough. The problem is these tools have not been dbus-ified so it is not likely that these will work or should work in RHEL6. Development Management has reviewed and declined this request. You may appeal this decision by reopening this request. |