From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.13

Description of problem:
I turned on auditing for a couple of rules so I can keep an eye on domain transitions. That creates some entries in the audit log such as: "avc: granted { transition } for pid=3409 ". When I run audit2allow on that entry, audit2allow creates a rule for that entry as if the entry were a 'denied' rather than a 'granted'. It became an issue when I was ignoring the allow transition entries, and there was an actual 'denied' audit (hidden amongst the granted transitions [for mls reasons]) that I was not catching when manually going through the logs.

Version-Release number of selected component (if applicable):
policycoreutils-1.33.12-12.el5

How reproducible:
Always

Steps to Reproduce:
1. Turn on auditing for a domain transition by 'auditallow'ing the domain_auto_trans macro in the misc_patterns.spt file.
2. Run a process with a domain transition in it.
3. Run audit2allow on the audit log.

Actual Results:
Audit2allow displays rules for the 'granted' transitions as if they were 'denied'.

Expected Results:
Audit2allow should not have generated the rules for the 'granted' transitions.

Additional info:
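The expected behaviour described in the report, as an added example that is not part of the original report and is not audit2allow or sepolgen code: a small filter that reads AVC records, skips the 'granted' ones produced by auditallow, and builds allow rules only from 'denied' records. The log lines, type names and the function names `type_of` and `rules_from_denials` are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample audit records; types and paths are made up for illustration.
SAMPLE_LOG = """\
type=AVC msg=audit(1208500000.101:41): avc:  granted  { transition } for  pid=3409 comm="run_init" path="/usr/sbin/exampled" dev=dm-0 ino=1001 scontext=staff_u:sysadm_r:sysadm_t:s0 tcontext=system_u:system_r:exampled_t:s0 tclass=process
type=AVC msg=audit(1208500000.205:42): avc:  denied  { read } for  pid=3410 comm="exampled" name="app.log" dev=dm-0 ino=2002 scontext=system_u:system_r:exampled_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file
type=AVC msg=audit(1208500001.310:43): avc:  granted  { transition } for  pid=3411 comm="run_init" path="/usr/sbin/exampled" dev=dm-0 ino=1001 scontext=staff_u:sysadm_r:sysadm_t:s0 tcontext=system_u:system_r:exampled_t:s0 tclass=process
type=AVC msg=audit(1208500001.415:44): avc:  denied  { write } for  pid=3410 comm="exampled" name="app.log" dev=dm-0 ino=2002 scontext=system_u:system_r:exampled_t:s0 tcontext=system_u:object_r:var_log_t:s0 tclass=file
"""

# Matches both verdicts so that 'granted' records are recognised and skipped
# rather than being mistaken for denials.
AVC_RE = re.compile(
    r"avc:\s+(?P<verdict>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)"
)

def type_of(context):
    """Extract the type field from user:role:type[:mls_range]."""
    return context.split(":")[2]

def rules_from_denials(log_text):
    """Return (allow_rules, granted_count); only denied AVCs produce rules."""
    perms_by_key = defaultdict(set)
    granted = 0
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m:
            continue
        if m["verdict"] == "granted":
            granted += 1  # auditallow output: informational, never a rule
            continue
        key = (type_of(m["scon"]), type_of(m["tcon"]), m["tclass"])
        perms_by_key[key].update(m["perms"].split())
    rules = [
        "allow %s %s:%s { %s };" % (src, tgt, cls, " ".join(sorted(perms)))
        for (src, tgt, cls), perms in sorted(perms_by_key.items())
    ]
    return rules, granted

if __name__ == "__main__":
    rules, granted = rules_from_denials(SAMPLE_LOG)
    print("\n".join(rules))
    print("# skipped %d granted record(s)" % granted)
```

Reporting the count of skipped 'granted' records separately keeps the single real denial visible instead of buried among the transition audits.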
Dan will have to extract the bug fix from sepolgen upstream and back port it.
We need to take the upgraded package and backport
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.
Fixed in policycoreutils-1.33.12-14.1.el5
User jkubin's account has been closed
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-0206.html