Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
For bugs related to Red Hat Enterprise Linux 5 product line. The current stable release is 5.10. For Red Hat Enterprise Linux 6 and above, please visit Red Hat JIRA https://issues.redhat.com/secure/CreateIssue!default.jspa?pid=12332745 to report new issues.

Bug 231021

Summary: LSPP: amtu -n fails with MLS policy in enforcing mode
Product: Red Hat Enterprise Linux 5 Reporter: Loulwa Salem <loulwa>
Component: selinux-policyAssignee: Daniel Walsh <dwalsh>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 5.0CC: iboverma, krisw, linda.knippers, sgrubb
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: RHBA-2007-0544 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2007-11-07 16:38:29 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 224041    
Attachments:
Description Flags
SELinux file context portion of amtu policy
none
amtu SELinux policy none

Description Loulwa Salem 2007-03-05 17:23:08 UTC 
Note: I am opening this bug on behalf of Emily Ratliff <emilyr.com>

Description of problem:
amtu is a required package for Common Criteria certification. 
amtu -n is currently failing when the system is in enforcing mode with the MLS 
policy when run as root in the sysadm_r role. A policy that transitions amtu 
to its own domain with the required privileges is attached.

---uname output---
Linux 3455racer1.ltc.austin.ibm.com 2.6.18-6.el5.lspp.64 #1 SMP Wed Jan 24 
18:11:50 EST 2007 x86_64 x86_64 x86_64 GNU/Linux
 
Machine Type = Failure occurs on all architectures.
 
---Steps to Reproduce---
Install RHEL5 and configure in LSPP mode with SELinux enforcing the MLS 
policy. 
Log on as root, newrole -r sysadm_r, execute amtu -n.
 
---Security Component Data--- 
/etc/selinux/config output: # This file controls the state of SELinux on the 
system.
# SELINUX= can take one of these three values:
#       enforcing - SELinux security policy is enforced.
#       permissive - SELinux prints warnings instead of enforcing.
#       disabled - SELinux is fully disabled.
SELINUX=enforcing
# SELINUXTYPE= type of policy in use. Possible values are:
#       targeted - Only targeted network daemons are protected.
#       strict - Full SELinux protection.
SELINUXTYPE=mls
Comment 1 Loulwa Salem 2007-03-05 17:23:08 UTC 
Created attachment 149270 [details]
SELinux file context portion of amtu policy
Comment 2 Loulwa Salem 2007-03-05 17:24:38 UTC 
Created attachment 149271 [details]
amtu SELinux policy
Comment 3 Irina Boverman 2007-03-05 17:58:05 UTC 
Added "LSPP" to the summary.
Comment 4 Steve Grubb 2007-03-05 19:52:18 UTC 
transferring to selinux-policy
Comment 5 Daniel Walsh 2007-03-06 18:19:42 UTC 
Fixed in selinux-policy-2.4.6-43
Comment 10 errata-xmlrpc 2007-11-07 16:38:29 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2007-0544.html