Bug 441402 - audit2allow parses 'granted' audit entries like they were 'denied'
audit2allow parses 'granted' audit entries like they were 'denied'
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: policycoreutils (Show other bugs)
x86_64 Linux
low Severity medium
: rc
: ---
Assigned To: Daniel Walsh
Ben Levenson
Depends On:
  Show dependency treegraph
Reported: 2008-04-07 16:46 EDT by Jeffrey Karrels
Modified: 2009-01-20 17:00 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2009-01-20 17:00:36 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Jeffrey Karrels 2008-04-07 16:46:52 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv: Gecko/20080311 Firefox/

Description of problem:
I turned on auditing for a couple of rules so I can keep an eye on domain transitions. That creates some entries in the audit log such as: "avc:  granted  { transition } for  pid=3409 ". 
When I run audit2allow on that entry, audit2allow creates a rule for that entry as if the entry were a 'denied' rather than a 'granted'. It came into being an issue when I was ignoring the allow transition entries, and there was an actual 'denied' audit (hidden amongst the granted transitions [for mls reasons]) that I was not catching when manually going through the logs.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Turn on auditing for a domain transition by 'auditallow'ing the domain_auto_trans macro in the misc_patterns.spt file. 

2. Run a process with a domain transition in it.
3. Run audit2allow on the audit log.

Actual Results:
Audit2allow displays rules for the 'granted' transitions as if they were 'denied'

Expected Results:
Audit2allow should have not generated the rules for the 'granted' transitions.

Additional info:
Comment 1 Jeffrey Karrels 2008-04-07 16:50:48 EDT
Dan will have to extract the bug fix from sepolgen upstream and back port it.
Comment 2 Daniel Walsh 2008-05-09 11:20:22 EDT
We need to take the upgraded package and backport
Comment 3 RHEL Product and Program Management 2008-06-04 18:45:19 EDT
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
Comment 5 Daniel Walsh 2008-09-17 14:52:19 EDT
Fixed in policycoreutils-1.33.12-14.1.el5
Comment 7 Tony Fu 2008-10-05 21:28:39 EDT
User jkubin@redhat.com's account has been closed
Comment 10 errata-xmlrpc 2009-01-20 17:00:36 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.