Bug 446430 - audit2allow role allow rules have issues
audit2allow role allow rules have issues
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: policycoreutils (Show other bugs)
rawhide
All Linux
low Severity low
: ---
: ---
Assigned To: Daniel Walsh
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-05-14 11:51 EDT by Eric Paris
Modified: 2008-09-09 13:31 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-09-09 13:31:21 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Eric Paris 2008-05-14 11:51:43 EDT
Description of problem:

Running livecd-creator (after relabeling it to bin_t) I get a bunch of AVC
denieds.  But audit2allow -a -m modlivecd > modlivecd.te produces and illegal
.te file.  It includes

=========== ROLES ===============
role unconfined_r types groupadd_exec_t;
role unconfined_r types useradd_exec_t;
role unconfined_r types groupadd_exec_t;
role unconfined_r types useradd_exec_t;
role unconfined_r types depmod_exec_t;
role unconfined_r types depmod_exec_t;

4 problems with that block.

1) the role unconfined_r is not in the requires block
2) none of the types (groupadd_exec_t, useradd_exec_t, etc) are in the requires
3) it shows the same rules more than once
4) the ===== ROLES ===== line does not start with a #
Comment 1 Eric Paris 2008-05-14 12:03:08 EDT
policycoreutils-2.0.46-5.fc9.x86_64
selinux-policy-3.3.1-51.fc9.noarch

My guess is that they are a result of audit messages like this

type=SELINUX_ERR msg=audit(1210780569.882:4384): security_compute_sid:  invalid
context unconfined_u:unconfined_r:groupadd_t:s0-s0:c0.c1023 for
scontext=unconfined_u:unconfined_r:rpm_script_t:s0-s0:c0.c1023
tcontext=system_u:object_r:groupadd_exec_t:s0 tclass=process
Comment 2 Daniel Walsh 2008-09-09 13:31:21 EDT
Fixed in policycoreutils-2.0.55-5.fc10.x86_64

Note You need to log in before you can comment on or make changes to this bug.