Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 490442 - <sys-apps/policycoreutils-2.2.5-r1 audit2allow does not create refpolicy style module
Summary: <sys-apps/policycoreutils-2.2.5-r1 audit2allow does not create refpolicy styl...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: SELinux (show other bugs)
Hardware: All Linux
: Normal normal
Assignee: SE Linux Bugs
URL:
Whiteboard: selinux-utils
Keywords:
Depends on:
Blocks:
 
Reported: 2013-11-04 21:54 UTC by Sven Vermeulen (RETIRED)
Modified: 2014-01-20 20:17 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sven Vermeulen (RETIRED) gentoo-dev 2013-11-04 21:54:03 UTC
When trying to build a SELinux module using "audit2allow -m test -R" (-R to use refpolicy style interfaces) the module does not use the interface, instead relying back on the 'regular' allow statement.

The /var/lib/sepolgen/interface_info is up2date (sepolgen-ifgen was ran and the information for the call I need (kernel_rw_kernel_sysctl) seems to be provided in it. Also, strace'ing the audit2allow process does show that it is reading this file.

Reproducible: Always
Comment 1 Sven Vermeulen (RETIRED) gentoo-dev 2013-12-29 15:07:20 UTC
Seems to be working for more recent policycoreutils (testing with 2.2.5 here):

# cat /tmp/test.txt | audit2allow -m test -R; cat /tmp/test.txt 

policy_module(test, 1.0)

require {
        type gpg_pinentry_t;
}

#============= gpg_pinentry_t ==============
fs_getattr_xattr_fs(gpg_pinentry_t)

type=AVC msg=audit(1388327755.063:952): avc:  denied  { getattr } for  pid=989 comm="pinentry" name="/" dev="dm-3" ino=2 scontext=staff_u:staff_r:gpg_pinentry_t tcontext=system_u:object_r:fs_t tclass=filesystem
Comment 2 Sven Vermeulen (RETIRED) gentoo-dev 2014-01-20 20:17:36 UTC
Stable in tree