Bug 468798 - [RHEL5.3] audit test fails "root:system_r:unconfined_t is not a valid context"
[RHEL5.3] audit test fails "root:system_r:unconfined_t is not a valid context"
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: mcstrans (Show other bugs)
5.3
All Linux
medium Severity high
: rc
: ---
Assigned To: Daniel Walsh
BaseOS QE
http://rhts.redhat.com/cgi-bin/rhts/t...
: Regression, TestBlocker
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-10-27 22:22 EDT by Jeff Burke
Modified: 2009-01-20 17:07 EST (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-01-20 17:07:55 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
README.run (6.52 KB, text/plain)
2008-10-28 09:51 EDT, Jeff Burke
no flags Details

  None (edit)
Description Jeff Burke 2008-10-27 22:22:19 EDT
Description of problem:
 When running the LTP SElinux and the HP audit-test-2090 test suites they both fail with the same error message:
root:system_r:unconfined_t is not a valid context

Version-Release number of selected component (if applicable):
RHEL5.3-Server-20081020.1

How reproducible:
Always

Steps to Reproduce:
1. Using the Beta tree RHEL5.3-Server-20081020.1 run either of the following tests. /kernel/security/audit/audit-test-2090 or /kernel/security/selinux/ltp-selinux/20080229
  
Actual results:
<snip>
make[2]: Leaving directory `/mnt/tests/kernel/security/audit/audit-test-2090/audit-test/utils'
make[1]: Leaving directory `/mnt/tests/kernel/security/audit/audit-test-2090/audit-test'
echo "Done building for i386"
Done building for i386
chmod +x ./runtest.sh
./runtest.sh
Changing password for user eal.
passwd: all authentication tokens updated successfully.
Stopping auditd: [  OK  ]
Starting auditd: [  OK  ]
Starting vsftpd for vsftpd: [  OK  ]
***** Starting the runtest.sh script *****
***** Current Test Version = rh-tests-kernel-security-audit-audit-test-2090-1.0 *****
***** Current Running Kernel Package = kernel-2.6.18-120.el5dz_test2.i686 *****
***** Test Start Time: Sat Oct 25 03:02:20 EDT 2008 *****
/mnt/tests/kernel/security/audit/audit-test-2090/audit-test/audit-tools /mnt/tests/kernel/security/audit/audit-test-2090/audit-test
root:system_r:unconfined_t is not a valid context
audit-tools Failed zero Length logs: 
/mnt/tests/kernel/security/audit/audit-test-2090/audit-test
***** Test Stop Time: Sat Oct 25 03:02:20 EDT 2008 *****
***** End of runtest.sh *****
</snip>

Expected results:
This should pass

Additional info:
These tests were working as RHEL5.3-Server-20080814.nightly

Spoke with Steve Grubb:
"HP said that we had a labeling problem and for us to go review the README file."
Not sure what labeling issue we supposedly have or what README file we should read. But this has nothing to do with the audit-test or the LTP SELinux tests. I believe that is has more to do with the way these test are spawned in RHTS. But I am not specifically sure what the error means.

If I take the tests(audit-test, LTP selinux) completely out of the picture. Just using a freshly installed RHEL5-U2 systems and run the following command:
 /usr/bin/runcon root:system_r:unconfined_t -- ls
I get a directory listing:
 anaconda-ks.cfg install.log install.log.syslog ks-post.log 

If I install a system with RHEL5.3-Server-20081020.1 (AKA BETA)
and run the same command:
 /usr/bin/runcon root:system_r:unconfined_t -- ls
It fails with the following message:
 root:system_r:unconfined_t is not a valid context

Same error that is reported by the tests.
Comment 4 Jeff Burke 2008-10-28 09:51:44 EDT
Created attachment 321695 [details]
README.run
Comment 11 Daniel Walsh 2008-10-28 19:43:48 EDT
I think the problem is your test is relying on mcstrans running.  In the failure case it is not running.

root:system_r:unconfined_t:s0 

Is correct,  You should never rely in a test on translation daemon being run or the translations being the same.
Comment 15 Daniel Walsh 2008-10-29 10:41:28 EDT
Fixed in mcstrans-0.2.11-2.el5
Comment 21 errata-xmlrpc 2009-01-20 17:07:55 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-0231.html

Note You need to log in before you can comment on or make changes to this bug.