Description of problem: Running "semanage translation -a -T Secret s0:c2" causes denials and setrans.conf mode changes. Version-Release number of selected component (if applicable): * Fedora release 9.90.1 (Rawhide) * policycoreutils-2.0.55-1.fc10.i386 * libselinux-2.0.71-1.fc10.i386 * selinux-policy-mls-3.5.5-3.fc10.noarch * libselinux-python-2.0.71-1.fc10.i386 * selinux-policy-targeted-3.5.5-3.fc10.noarch * selinux-policy-3.5.5-3.fc10.noarch SELinux status: enabled SELinuxfs mount: /selinux Current mode: enforcing Mode from config file: enforcing Policy version: 23 Policy from config file: targeted How reproducible: Always Steps to Reproduce: 1. ls -l /etc/selinux/targeted/setrans.conf -rw-r--r-- 1 root root 611 2008-09-03 11:14 /etc/selinux/targeted/setrans.conf 2. semanage translation -a -T Secret s0:c2 /etc/init.d/functions: line 19: /sbin/consoletype: Permission denied env: /etc/init.d/mcstrans: Permission denied 3. ls -l /etc/selinux/targeted/setrans.conf -rw------- 1 root root 611 2008-09-03 11:14 /etc/selinux/targeted/setrans.conf Actual results: Errors on the console; AVC denials; setrans.conf mode changed from 644 to 600. Expected results: No errors on the console; no AVC denials; setrans.conf mode stays as 644.
"semanage translation -a -T Secret s0:c2" adds the translation despite the errors and denials. Looks almost the same as bug #460970 but with less denials.
Created attachment 315613 [details] AVC denials
Fixed in selinux-policy-3.5.6-2.fc10.noarch