Bug 836213
Summary: | sesearch --all does not find all rules | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Milos Malik <mmalik> |
Component: | setools | Assignee: | Petr Lautrbach <plautrba> |
Status: | CLOSED ERRATA | QA Contact: | Milos Malik <mmalik> |
Severity: | medium | Docs Contact: | |
Priority: | urgent | ||
Version: | 7.0 | CC: | dwalsh, ksrot, mgrepl, ovasik, vmojzis |
Target Milestone: | rc | Keywords: | Reopened |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | setools-3.3.8-2.el7 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2018-04-10 16:39:29 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Milos Malik
2012-06-28 11:35:40 UTC
"sesearch --all" was able to find allow, dontaudit, auditallow, type_trans, range_trans rules on RHEL-5 and RHEL-6, but the same command executed on RHEL-7 is not able to find any allow or auditallow or dontaudit rule. Fixed in setools-3.3.7-45.el7.src.rpm Closing CURRENTRELEASE as RHEL 7.0 Erratum contains later version ( https://errata.devel.redhat.com/advisory/17365/builds ). Feel free to reopen if the issue is still not yet properly fixed in 7.0 . The problem is still not fixed. # rpm -qa setools\* setools-gui-3.3.8-1.1.el7.x86_64 setools-console-3.3.8-1.1.el7.x86_64 setools-libs-3.3.8-1.1.el7.x86_64 setools-3.3.8-1.1.el7.x86_64 setools-libs-tcl-3.3.8-1.1.el7.x86_64 setools-devel-3.3.8-1.1.el7.x86_64 # sesearch -s ipsec_t -t ipsec_mgmt_t -c process --allow Found 1 semantic av rules: allow ipsec_t ipsec_mgmt_t : process { transition sigchld } ; # sesearch -s ipsec_t -t ipsec_mgmt_t -c process --dontaudit Found 1 semantic av rules: dontaudit domain domain : process { noatsecure siginh rlimitinh } ; # sesearch -s ipsec_t -t ipsec_mgmt_t -c process --all ERROR: Cannot get avrules: Neverallow rules requested but not available Found 39 role allow rules: allow system_r xguest_r; allow webadm_r system_r; allow system_r webadm_r; allow system_r user_r; allow system_r unconfined_r; allow system_r unconfined_r; allow system_r unconfined_r; allow unconfined_r system_r; allow sysadm_r user_r; allow sysadm_r staff_r; allow sysadm_r system_r; allow sysadm_r secadm_r; allow sysadm_r system_r; allow sysadm_r system_r; allow sysadm_r system_r; allow sysadm_r system_r; allow sysadm_r system_r; allow sysadm_r auditadm_r; allow system_r sysadm_r; allow staff_r webadm_r; allow staff_r unconfined_r; allow staff_r sysadm_r; allow staff_r secadm_r; allow staff_r logadm_r; allow staff_r dbadm_r; allow staff_r auditadm_r; allow system_r staff_r; allow secadm_r sysadm_r; allow secadm_r auditadm_r; allow system_r nx_server_r; allow logadm_r system_r; allow logadm_r system_r; allow system_r guest_r; allow dbadm_r system_r; allow dbadm_r system_r; allow system_r system_r; allow auditadm_r sysadm_r; allow auditadm_r secadm_r; allow auditadm_r system_r; # Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2018:0916 |