Description of problem:
Beaker reports AVC errors on access to /mnt/testarea/ files, for example:
type=SYSCALL msg=audit(1347429444.519:21): arch=40000003 syscall=11 success=yes exit=0 a0=9d78a00 a1=9d782c8 a2=9d77918 a3=9d782c8 items=0 ppid=1945 pid=1946 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="semodule" exe="/usr/sbin/semodule" subj=unconfined_u:unconfined_r:semanage_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1347429444.519:21): avc: denied { append } for pid=1946 comm="semodule" path="/mnt/testarea/TESTOUT.log" dev=dm-0 ino=920733 scontext=unconfined_u:unconfined_r:semanage_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:mnt_t:s0 tclass=file
type=AVC msg=audit(1347429444.519:21): avc: denied { append } for pid=1946 comm="semodule" path="/mnt/testarea/selinux.log" dev=dm-0 ino=920746 scontext=unconfined_u:unconfined_r:semanage_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:mnt_t:s0 tclass=file
Problem is that rhts selinux module is not loaded:
# semodule -l | grep rhts
# semodule -v -i /usr/share/selinux/packages/rhts/rhts.pp
Attempting to install module '/usr/share/selinux/packages/rhts/rhts.pp':
Ok: return value of 0.
Committing changes:
libsepol.permission_copy_callback: Module rhts depends on permission read_policy in class security, not satisfied (No such file or directory).
libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory).
semodule: Failed!
Version-Release number of selected component (if applicable):
rhts-test-env-4.51-1.el6eng.noarch
How reproducible:
100%
Steps to Reproduce:
1. install RHEL 6.0 released
Actual results:
rhts selinux module not loaded
Expected results:
rhts selinux module loaded, no AVCs in /distribution/install
Additional info:
Based on executed history, it started likely in early August 2012.
The bug is actually that our pre-built SELinux policy for RHEL6 is named with a dist tag of 'el6eso' but our dist tag is now 'el6eng'. So the pre-compiled policy is not taking effect.