Bug 441402 - audit2allow parses 'granted' audit entries like they were 'denied'
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: policycoreutils
5.1
x86_64 Linux
low Severity medium
Assigned To: Daniel Walsh
Ben Levenson
Reported: 2008-04-07 16:46 EDT by Jeffrey Karrels
Modified: 2009-01-20 17:00 EST
Doc Type: Bug Fix
Last Closed: 2009-01-20 17:00:36 EST
Description Jeffrey Karrels 2008-04-07 16:46:52 EDT

Description of problem:
I turned on auditing for a couple of rules so I can keep an eye on domain transitions. That creates some entries in the audit log such as: "avc:  granted  { transition } for  pid=3409 ".
When I run audit2allow on that entry, audit2allow creates a rule for that entry as if the entry were a 'denied' rather than a 'granted'. It became an issue when I was ignoring the allow transition entries, and there was an actual 'denied' audit (hidden amongst the granted transitions [for MLS reasons]) that I was not catching when manually going through the logs.


Version-Release number of selected component (if applicable):
policycoreutils-1.33.12-12.el5

How reproducible:
Always


Steps to Reproduce:
1. Turn on auditing for a domain transition by 'auditallow'ing the domain_auto_trans macro in the misc_patterns.spt file.
2. Run a process with a domain transition in it.
3. Run audit2allow on the audit log.

Actual Results:
Audit2allow displays rules for the 'granted' transitions as if they were 'denied'

Expected Results:
Audit2allow should not have generated the rules for the 'granted' transitions.

Additional info:
Comment 1 Jeffrey Karrels 2008-04-07 16:50:48 EDT
Dan will have to extract the bug fix from sepolgen upstream and back port it.
Comment 2 Daniel Walsh 2008-05-09 11:20:22 EDT
We need to take the upgraded package and backport
Comment 3 RHEL Product and Program Management 2008-06-04 18:45:19 EDT
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.
Comment 5 Daniel Walsh 2008-09-17 14:52:19 EDT
Fixed in policycoreutils-1.33.12-14.1.el5
Comment 7 Tony Fu 2008-10-05 21:28:39 EDT
User jkubin@redhat.com's account has been closed
Comment 10 errata-xmlrpc 2009-01-20 17:00:36 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-0206.html
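
The distinction this report turns on, as an added example (not code from the report, sepolgen or policycoreutils): a simplified AVC filter that builds allow rules from 'denied' records only and counts 'granted' (auditallow) records separately, so a real denial is not buried among granted transitions. The log lines, type names and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: one real denial hidden among auditallow 'granted' records.
SAMPLE_LOG = """\
type=AVC msg=audit(1207600000.101:41): avc:  granted  { transition } for  pid=3409 comm="init" scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:system_r:exampled_t:s0 tclass=process
type=AVC msg=audit(1207600000.202:42): avc:  granted  { transition } for  pid=3411 comm="init" scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:system_r:otherd_t:s0 tclass=process
type=AVC msg=audit(1207600000.303:43): avc:  denied  { read write } for  pid=3410 comm="exampled" name="example.conf" scontext=system_u:system_r:exampled_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=AVC msg=audit(1207600000.404:44): avc:  granted  { transition } for  pid=3412 comm="init" scontext=system_u:system_r:initrc_t:s0 tcontext=system_u:system_r:exampled_t:s0 tclass=process
"""

AVC_RE = re.compile(
    r"avc:\s+(?P<result>granted|denied)\s+\{(?P<perms>[^}]*)\}\s+for\s+.*?"
    r"scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)")

def context_type(context):
    # user:role:type[:mls-range] -> the type is always the third field
    return context.split(":")[2]

def parse_avc(log_text):
    """Yield (result, source_type, target_type, tclass, perms) per AVC record."""
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if m:
            yield (m["result"], context_type(m["scon"]), context_type(m["tcon"]),
                   m["tclass"], frozenset(m["perms"].split()))

def allow_rules(log_text):
    """Return (rules, granted_count); rules come from 'denied' records only."""
    wanted = defaultdict(set)
    granted = 0
    for result, src, tgt, tclass, perms in parse_avc(log_text):
        if result != "denied":
            granted += 1   # auditallow output: policy already permits this
            continue
        wanted[(src, tgt, tclass)] |= perms
    rules = [f"allow {s} {t}:{c} {{ {' '.join(sorted(p))} }};"
             for (s, t, c), p in sorted(wanted.items())]
    return rules, granted

if __name__ == "__main__":
    rules, granted = allow_rules(SAMPLE_LOG)
    print(f"{granted} granted record(s) skipped")
    print("\n".join(rules))
```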
