[DSE-Dev] Bug#722700: selinux-policy-default: Permission block_suspend in class capability2 not defined in policy.
Leos Bitto
Leos.Bitto at gmail.com
Fri Sep 13 12:17:18 UTC 2013
Package: selinux-policy-default
Version: 2:2.20110726-12
Severity: grave
Tags: upstream
Justification: renders package unusable
Dear Maintainer,
this is an example from "ausearch -m avc":
type=SYSCALL msg=audit(1379073446.149:88): arch=40000003 syscall=255 success=yes exit=0 a0=e a1=2 a2=1f a3=bfff9d34 items=0 ppid=1 pid=2597 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 ses=4294967295 tty=(none) comm="master" exe="/usr/lib/postfix/master" subj=system_u:system_r:postfix_master_t:s0 key=(null)
type=AVC msg=audit(1379073446.149:88): avc: denied { block_suspend } for pid=2597 comm="master" capability=36 scontext=system_u:system_r:postfix_master_t:s0 tcontext=system_u:system_r:postfix_master_t:s0 tclass=capability2
This cannot be solved with the usual audit2allow, because when rebuilding the policy there is this error message from the kernel: "SELinux: Permission block_suspend in class capability2 not defined in policy."
Check the same issue in Fedora: https://lists.fedoraproject.org/pipermail/users/2012-August/423398.html
Please update the package selinux-policy-default to a newer version from upstream to make it compatible with the used kernel (currently 3.10 in jessie).
-- System Information:
Debian Release: jessie/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 3.10-2-686-pae (SMP w/1 CPU core)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages selinux-policy-default depends on:
ii libpam-modules 1.1.3-9
ii libselinux1 2.1.13-2
ii libsepol1 2.1.9-2
ii policycoreutils 2.1.13-2+b1
ii python 2.7.5-4
Versions of packages selinux-policy-default recommends:
ii checkpolicy 2.1.12-1
ii setools 3.3.8-1
Versions of packages selinux-policy-default suggests:
pn logcheck <none>
pn syslog-summary <none>
-- Configuration Files:
/etc/selinux/default/modules/active/file_contexts.local [Errno 13] Permission denied: u'/etc/selinux/default/modules/active/file_contexts.local'
-- no debconf information
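
An added example, not part of the original report: a triage check that separates AVC denials an allow rule could address from denials whose permission the loaded policy does not define at all, which is the case reported above. It assumes selinuxfs is mounted at /sys/fs/selinux (where the kernel lists each class's permissions under class/<class>/perms/); the function names are hypothetical and the sample record is constructed from the one quoted in the report.

```python
import os
import re

# Constructed sample, modelled on the AVC record quoted in the report.
SAMPLE_AVC = (
    'type=AVC msg=audit(1379073446.149:88): avc: denied { block_suspend } '
    'for pid=2597 comm="master" capability=36 '
    'scontext=system_u:system_r:postfix_master_t:s0 '
    'tcontext=system_u:system_r:postfix_master_t:s0 tclass=capability2'
)

# Captures the denied permission list and the target class of one AVC record.
AVC_RE = re.compile(r'avc:\s+denied\s+\{([^}]*)\}.*?\btclass=(\S+)')


def parse_denials(lines):
    """Yield (tclass, permission) for every denied permission in AVC records."""
    for line in lines:
        m = AVC_RE.search(line)
        if m:
            for perm in m.group(1).split():
                yield m.group(2), perm


def policy_defines(tclass, perm, selinuxfs="/sys/fs/selinux"):
    """True if the loaded policy lists the permission under selinuxfs."""
    # Assumption: selinuxfs mount point; older systems may use /selinux.
    return os.path.exists(
        os.path.join(selinuxfs, "class", tclass, "perms", perm))


def undefined_denials(lines, selinuxfs="/sys/fs/selinux"):
    """Denials no allow rule can fix: the policy lacks the permission."""
    return sorted({(c, p) for c, p in parse_denials(lines)
                   if not policy_defines(c, p, selinuxfs)})


if __name__ == "__main__":
    for tclass, perm in undefined_denials([SAMPLE_AVC]):
        print(f"{tclass}:{perm} is not defined in the loaded policy; "
              "a newer policy is needed, not an allow rule")
```

Feeding it the output of "ausearch -m avc" instead of the sample lists every denial of this kind on the running system.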