Bug 856506 - rhts selinux module fails to load on RHEL-6.0 Server (released)
rhts selinux module fails to load on RHEL-6.0 Server (released)
Status: CLOSED CURRENTRELEASE
Product: Beaker
Classification: Community
Component: beah (Show other bugs)
0.9
Unspecified Unspecified
unspecified Severity unspecified (vote)
: 0.11
: ---
Assigned To: Amit Saha
Qixiang Wan
SELinux
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-09-12 03:47 EDT by Jan Stancek
Modified: 2015-07-26 18:14 EDT (History)
13 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-01-16 23:34:11 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jan Stancek 2012-09-12 03:47:23 EDT
Description of problem:
Beaker reports AVC errors on access to /mnt/testarea/ files, for example:

type=SYSCALL msg=audit(1347429444.519:21): arch=40000003 syscall=11 success=yes exit=0 a0=9d78a00 a1=9d782c8 a2=9d77918 a3=9d782c8 items=0 ppid=1945 pid=1946 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="semodule" exe="/usr/sbin/semodule" subj=unconfined_u:unconfined_r:semanage_t:s0-s0:c0.c1023 key=(null)
type=AVC msg=audit(1347429444.519:21): avc:  denied  { append } for  pid=1946 comm="semodule" path="/mnt/testarea/TESTOUT.log" dev=dm-0 ino=920733 scontext=unconfined_u:unconfined_r:semanage_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:mnt_t:s0 tclass=file
type=AVC msg=audit(1347429444.519:21): avc:  denied  { append } for  pid=1946 comm="semodule" path="/mnt/testarea/selinux.log" dev=dm-0 ino=920746 scontext=unconfined_u:unconfined_r:semanage_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:mnt_t:s0 tclass=file

Problem is that rhts selinux module is not loaded:
# semodule -l | grep rhts

# semodule -v -i /usr/share/selinux/packages/rhts/rhts.pp
Attempting to install module '/usr/share/selinux/packages/rhts/rhts.pp':
Ok: return value of 0.
Committing changes:
libsepol.permission_copy_callback: Module rhts depends on permission read_policy in class security, not satisfied (No such file or directory).
libsemanage.semanage_link_sandbox: Link packages failed (No such file or directory).
semodule:  Failed!

Version-Release number of selected component (if applicable):
rhts-test-env-4.51-1.el6eng.noarch

How reproducible:
100%

Steps to Reproduce:
1. install RHEL 6.0 released

Actual results:
rhts selinux module not loaded

Expected results:
rhts selinux module loaded, no AVCs in /distribution/install

Additional info:
Based on executed history, it started likely in early August 2012.
Comment 2 Nick Coghlan 2012-10-17 00:36:10 EDT
Bulk reassignment of issues as Bill has moved to another team.
Comment 3 Dan Callaghan 2012-10-29 01:49:26 EDT
The bug is actually that our pre-built SELinux policy for RHEL6 is named with a dist tag of 'el6eso' but our dist tag is now 'el6eng'. So the pre-compiled policy is not taking effect.
Comment 4 Amit Saha 2012-12-11 03:36:21 EST
On Gerrit: http://gerrit.beaker-project.org/#/c/1552/
Comment 9 Qixiang Wan 2013-01-04 00:40:43 EST
Verified with rhts-test-env-4.53-1.git.4.8f5e156.el6

rhts selinux policy is loaded successfully after system provision.
Comment 10 Dan Callaghan 2013-01-16 23:34:11 EST
Beaker 0.11.0 has been released.

Note You need to log in before you can comment on or make changes to this bug.