809648 – in follow up to Redhat case#00618469. application functions only when SELINUX is set to permissive

Bug 809648 - in follow up to Redhat case#00618469. application functions only when SELINUX is set to permissive

Summary: in follow up to Redhat case#00618469. application functions only when SELINUX...

Keywords:
Status:	CLOSED INSUFFICIENT_DATA
Alias:	None
Product:	Red Hat Enterprise Linux 5
Classification:	Red Hat
Component:	selinux-policy
Sub Component:
Version:	5.7
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Miroslav Grepl
QA Contact:	BaseOS QE Security Team
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2012-04-03 22:53 UTC by i_ajay_1999
Modified:	2013-03-19 14:48 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2013-03-19 14:48:14 UTC
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description i_ajay_1999 2012-04-03 22:53:54 UTC

in follow up to Redhat case#00618469. application functions only when SELINUX is set to permissive.

we tried the following:

1. turned on httpd_unified boolean

2. built custom module and now cat audit.log |allow2audit -alR does not show any messages.

  But, still application works only in permissive mode.
  No, selinux error in the either messages or audit.log file but application works in permissive mode ony. Kernel has booted in audit=1 mode.

please look at case#00618469 for more details.

Comment 2 Miroslav Grepl 2012-04-04 08:52:00 UTC

Could you try to test it with

# semodule -DB

which will turn off dontaudit rules.

Comment 4 Daniel Walsh 2012-04-05 15:47:52 UTC

i_ajay_1999

Who are you working this with from Red Hat, I would like to add them to the bugzilla.

Comment 5 i_ajay_1999 2012-04-05 16:31:03 UTC

Simon Sek. was the redhat engineer working this case...thx-ajay

Comment 6 i_ajay_1999 2012-04-05 21:40:22 UTC

doing "semodule -DB"  and running the job in enrocing mode (it failed) and in permissive mode (was successful) did not create any logs either in /var/log/messages or in audit.log.

Comment 7 Miroslav Grepl 2012-04-06 06:32:18 UTC

Is auditd running?

Comment 8 i_ajay_1999 2012-04-16 18:57:36 UTC

Yes

Comment 9 Miroslav Grepl 2012-07-16 08:42:42 UTC

Does it still persist?

Comment 10 Miroslav Grepl 2013-03-19 14:48:14 UTC

I am going to close this bug. If the problem still persists, please reopen the bug. Thank you.

Note You need to log in before you can comment on or make changes to this bug.