Bug 231021 - LSPP: amtu -n fails with MLS policy in enforcing mode
LSPP: amtu -n fails with MLS policy in enforcing mode
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: selinux-policy (Show other bugs)
5.0
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
:
Depends On:
Blocks: RHEL5LSPPCertTracker
  Show dependency treegraph
 
Reported: 2007-03-05 12:23 EST by Loulwa Salem
Modified: 2010-10-22 09:30 EDT (History)
4 users (show)

See Also:
Fixed In Version: RHBA-2007-0544
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-11-07 11:38:29 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)
SELinux file context portion of amtu policy (183 bytes, text/plain)
2007-03-05 12:23 EST, Loulwa Salem
no flags Details
amtu SELinux policy (1.51 KB, text/plain)
2007-03-05 12:24 EST, Loulwa Salem
no flags Details

  None (edit)
Description Loulwa Salem 2007-03-05 12:23:08 EST
Note: I am opening this bug on behalf of Emily Ratliff <emilyr@us.ibm.com>

Description of problem:
amtu is a required package for Common Criteria certification. 
amtu -n is currently failing when the system is in enforcing mode with the MLS 
policy when run as root in the sysadm_r role. A policy that transitions amtu 
to its own domain with the required privileges is attached.

---uname output---
Linux 3455racer1.ltc.austin.ibm.com 2.6.18-6.el5.lspp.64 #1 SMP Wed Jan 24 
18:11:50 EST 2007 x86_64 x86_64 x86_64 GNU/Linux
 
Machine Type = Failure occurs on all architectures.
 
---Steps to Reproduce---
Install RHEL5 and configure in LSPP mode with SELinux enforcing the MLS 
policy. 
Log on as root, newrole -r sysadm_r, execute amtu -n.
 
---Security Component Data--- 
/etc/selinux/config output: # This file controls the state of SELinux on the 
system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - SELinux is fully disabled.
SELINUX=enforcing
# SELINUXTYPE= type of policy in use. Possible values are:
#       targeted - Only targeted network daemons are protected.
#       strict - Full SELinux protection.
SELINUXTYPE=mls
Comment 1 Loulwa Salem 2007-03-05 12:23:08 EST
Created attachment 149270 [details]
SELinux file context portion of amtu policy
Comment 2 Loulwa Salem 2007-03-05 12:24:38 EST
Created attachment 149271 [details]
amtu SELinux policy
Comment 3 Irina Boverman 2007-03-05 12:58:05 EST
Added "LSPP" to the summary.
Comment 4 Steve Grubb 2007-03-05 14:52:18 EST
transferring to selinux-policy
Comment 5 Daniel Walsh 2007-03-06 13:19:42 EST
Fixed in selinux-policy-2.4.6-43
Comment 10 errata-xmlrpc 2007-11-07 11:38:29 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2007-0544.html

Note You need to log in before you can comment on or make changes to this bug.