Bug 441402 - audit2allow parses 'granted' audit entries like they were 'denied'
Summary: audit2allow parses 'granted' audit entries like they were 'denied'
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: policycoreutils
Version: 5.1
Hardware: x86_64
OS: Linux
low
medium
Target Milestone: rc
: ---
Assignee: Daniel Walsh
QA Contact: Ben Levenson
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-04-07 20:46 UTC by Jeffrey Karrels
Modified: 2009-01-20 22:00 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-01-20 22:00:36 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2009:0206 0 normal SHIPPED_LIVE policycoreutils bug fix update 2009-01-20 16:06:12 UTC

Description Jeffrey Karrels 2008-04-07 20:46:52 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.13

Description of problem:
I turned on auditing for a couple of rules so I can keep an eye on domain transitions. That creates some entries in the audit log such as: "avc:  granted  { transition } for  pid=3409 ". 
When I run audit2allow on that entry, audit2allow creates a rule for that entry as if the entry were a 'denied' rather than a 'granted'. It came into being an issue when I was ignoring the allow transition entries, and there was an actual 'denied' audit (hidden amongst the granted transitions [for mls reasons]) that I was not catching when manually going through the logs.


Version-Release number of selected component (if applicable):
policycoreutils-1.33.12-12.el5

How reproducible:
Always


Steps to Reproduce:
1. Turn on auditing for a domain transition by 'auditallow'ing the domain_auto_trans macro in the misc_patterns.spt file. 

2. Run a process with a domain transition in it.
3. Run audit2allow on the audit log.

Actual Results:
Audit2allow displays rules for the 'granted' transitions as if they were 'denied'

Expected Results:
Audit2allow should have not generated the rules for the 'granted' transitions.

Additional info:

Comment 1 Jeffrey Karrels 2008-04-07 20:50:48 UTC
Dan will have to extract the bug fix from sepolgen upstream and back port it.

Comment 2 Daniel Walsh 2008-05-09 15:20:22 UTC
We need to take the upgraded package and backport

Comment 3 RHEL Program Management 2008-06-04 22:45:19 UTC
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.

Comment 5 Daniel Walsh 2008-09-17 18:52:19 UTC
Fixed in policycoreutils-1.33.12-14.1.el5

Comment 7 Tony Fu 2008-10-06 01:28:39 UTC
User jkubin's account has been closed

Comment 10 errata-xmlrpc 2009-01-20 22:00:36 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-0206.html


Note You need to log in before you can comment on or make changes to this bug.