Bug 1680601 - libsepol doesn't work with labels where is "." character and no "_t" convention
Summary: libsepol doesn't work with labels where is "." character and no "_t" convention
Keywords:
Status: CLOSED CANTFIX
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: policycoreutils
Version: 8.1
Hardware: All
OS: Linux
Priority: medium
Severity: low
Target Milestone: rc
Target Release: 8.1
Assignee: Petr Lautrbach
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
Depends On: 1680598 1682492
Blocks:
Reported: 2019-02-25 12:01 UTC by Lukas Vrabec
Modified: 2019-08-26 13:14 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1680598
Environment:
Last Closed: 2019-08-26 13:14:18 UTC
Type: Bug
Target Upstream Version:
Embargoed:


Description Lukas Vrabec 2019-02-25 12:01:59 UTC
+++ This bug was initially created as a clone of Bug #1680598 +++

Description of problem:
If the source context contains a "." character and no "_t" convention, it's not possible to create a local custom module using audit2allow. Based on the error message, it looks like the problem is in libsepol.

For more info see:
https://github.com/containers/udica/issues/8

Version-Release number of selected component (if applicable):
libsepol-2.8-3.fc30.x86_64

How reproducible:
Always

Actual results:
[root@localhost ~]# audit2allow  -i avc -M test
compilation failed:
libsepol.hierarchy_add_type_callback: issuebug doesn't exist, mycontainer.process is an orphan
libsepol.hierarchy_add_bounds: 1 errors found while adding hierarchies
/usr/bin/checkmodule:  loading policy configuration from test.te

Expected results:
audit2allow will generate a custom local policy with source context "mycontainer.process"

