Red Hat Bugzilla – Bug 231021
LSPP: amtu -n fails with MLS policy in enforcing mode
Last modified: 2010-10-22 09:30:53 EDT
Note: I am opening this bug on behalf of Emily Ratliff <email@example.com>
Description of problem:
amtu is a required package for Common Criteria certification.
amtu -n is currently failing when the system is in enforcing mode with the MLS
policy when run as root in the sysadm_r role. A policy that transitions amtu
to its own domain with the required privileges is attached.
Linux 3455racer1.ltc.austin.ibm.com 2.6.18-6.el5.lspp.64 #1 SMP Wed Jan 24
18:11:50 EST 2007 x86_64 x86_64 x86_64 GNU/Linux
Machine Type = Failure occurs on all architectures.
---Steps to Reproduce---
Install RHEL5 and configure in LSPP mode with SELinux enforcing the MLS
Log on as root, newrole -r sysadm_r, execute amtu -n.
---Security Component Data---
/etc/selinux/config output: # This file controls the state of SELinux on the
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
Created attachment 149270 [details]
SELinux file context portion of amtu policy
Created attachment 149271 [details]
amtu SELinux policy
Added "LSPP" to the summary.
transferring to selinux-policy
Fixed in selinux-policy-2.4.6-43
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.