Description of problem: Beaker reports AVC errors on access to /mnt/testarea/ files, for example: type=SYSCALL msg=audit(1347429444.519:21): arch=40000003 syscall=11 success=yes exit=0 a0=9d78a00 a1=9d782c8 a2=9d77918 a3=9d782c8 items=0 ppid=1945 pid=1946 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="semodule" exe="/usr/sbin/semodule" subj=unconfined_u:unconfined_r:semanage_t:s0-s0:c0.c1023 key=(null) type=AVC msg=audit(1347429444.519:21): avc: denied { append } for pid=1946 comm="semodule" path="/mnt/testarea/TESTOUT.log" dev=dm-0 ino=920733 scontext=unconfined_u:unconfined_r:semanage_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:mnt_t:s0 tclass=file type=AVC msg=audit(1347429444.519:21): avc: denied { append } for pid=1946 comm="semodule" path="/mnt/testarea/selinux.log" dev=dm-0 ino=920746 scontext=unconfined_u:unconfined_r:semanage_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:mnt_t:s0 tclass=file Problem is that rhts selinux module is not loaded: # semodule -l | grep rhts # semodule -v -i /usr/share/selinux/packages/rhts/rhts.pp Attempting to install module '/usr/share/selinux/packages/rhts/rhts.pp': Ok: return value of 0. Committing changes: libsepol.permission_copy_callback: Module rhts depends on permission read_policy in class security, not satisfied (No such file or directory). libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory). semodule: Failed! Version-Release number of selected component (if applicable): rhts-test-env-4.51-1.el6eng.noarch How reproducible: 100% Steps to Reproduce: 1. install RHEL 6.0 released Actual results: rhts selinux module not loaded Expected results: rhts selinux module loaded, no AVCs in /distribution/install Additional info: Based on executed history, it started likely in early August 2012.
Bulk reassignment of issues as Bill has moved to another team.
The bug is actually that our pre-built SELinux policy for RHEL6 is named with a dist tag of 'el6eso' but our dist tag is now 'el6eng'. So the pre-compiled policy is not taking effect.
On Gerrit: http://gerrit.beaker-project.org/#/c/1552/
Verified with rhts-test-env-4.53-1.git.4.8f5e156.el6 rhts selinux policy is loaded successfully after system provision.
Beaker 0.11.0 has been released.