Your message dated Sun, 23 Aug 2009 06:02:10 +0000
with message-id <[email protected]>
and subject line Bug#515566: fixed in refpolicy 2:0.2.20090730-2
has caused the Debian Bug report #515566,
regarding selinux-policy-default: selinux policy violation "Unknown" fo rs2ram
(hald_t)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
515566: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=515566
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: selinux-policy-default
Version: 2:0.0.20080702-14
Severity: important
Tags: selinux
This basically makes SELinux unusable on laptops.
Many of the selinux issues that I'm seeing are related to hald.
Probably, if we fix the hal policy, half of the problems should vanish.
Summary:
SELinux is preventing s2ram (hald_t) "execute" to /dev/mem
(memory_device_t).
Detailed Description:
[SELinux is in permissive mode, the operation would have been denied but
was permitted due to permissive mode.]
SELinux denied access requested by s2ram. It is not expected that this
access is required by s2ram and this access may signal an intrusion
attempt. It is also possible that the specific version or configuration
of the application is causing it to require additional access.
Allowing Access:
Sometimes labeling problems can cause SELinux denials. You could try to
restore the default system file context for /dev/mem,
restorecon -v '/dev/mem'
If this does not work, there is currently no automatic way to allow this
access. Instead, you can generate a local policy module to allow this
access - see FAQ (http://fedora.redhat.com/docs/selinux-faq-fc5/#id2961385)
Or you can disable SELinux protection altogether. Disabling SELinux
protection is not recommended. Please file a bug report
(http://bugzilla.redhat.com/bugzilla/enter_bug.cgi) against this package.
Additional Information:
Source Context        unconfined_u:system_r:hald_t:s0
Target Context        system_u:object_r:memory_device_t:s0
Target Objects        /dev/mem [ chr_file ]
Source                s2ram
Source Path           /usr/sbin/s2ram
Port                  <Unknown>
Host                  champaran
Source RPM Packages
Target RPM Packages
Policy RPM            <Unknown>
Selinux Enabled       True
Policy Type           default
MLS Enabled           True
Enforcing Mode        Permissive
Plugin Name           catchall_file
Host Name             champaran
Platform              Linux champaran 2.6.28-custom #1 SMP Thu Feb 12 19:09:05 IST 2009 i686
Alert Count           1
First Seen            Mon 16 Feb 2009 01:27:06 PM IST
Last Seen             Mon 16 Feb 2009 01:27:06 PM IST
Local ID              4e89d6aa-5273-4b26-a949-228d7135f253
Line Numbers
Raw Audit Messages
node=champaran type=AVC msg=audit(1234771026.836:570): avc: denied { execute } for pid=4458 comm="s2ram" path="/dev/mem" dev=tmpfs ino=1225 scontext=unconfined_u:system_r:hald_t:s0 tcontext=system_u:object_r:memory_device_t:s0 tclass=chr_file
node=champaran type=SYSCALL msg=audit(1234771026.836:570): arch=40000003 syscall=192 success=yes exit=0 a0=0 a1=502 a2=7 a3=11 items=0 ppid=4374 pid=4458 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=4294967295 comm="s2ram" exe="/usr/sbin/s2ram" subj=unconfined_u:system_r:hald_t:s0 key=(null)
-- System Information:
Debian Release: 5.0
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (101, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.28-custom (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages selinux-policy-default depends on:
ii libpam-modules 1.0.1-5 Pluggable Authentication Modules f
ii libselinux1 2.0.65-5 SELinux shared libraries
ii libsepol1 2.0.30-2 Security Enhanced Linux policy lib
ii policycoreutils 2.0.49-8 SELinux core policy utilities
ii python 2.5.2-3 An interactive high-level object-o
Versions of packages selinux-policy-default recommends:
ii checkpolicy 2.0.16-3 SELinux policy compiler
ii setools 3.3.5.ds-5 tools for Security Enhanced Linux
Versions of packages selinux-policy-default suggests:
pn logcheck <none> (no description available)
pn syslog-summary <none> (no description available)
-- no debconf information
--- End Message ---
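
Added example, not part of the original bug report or of refpolicy: a small decoder for the two raw audit records in the report above. It pairs the AVC denial with its SYSCALL record and decodes the mmap2 arguments, which shows that the "execute" check on /dev/mem comes from a mapping requested with PROT_EXEC. The function names and the flag tables are assumptions of this example.

```python
import re

# The two raw audit records from the report above, with mail line wraps joined.
AVC = ('node=champaran type=AVC msg=audit(1234771026.836:570): avc: denied { execute }'
       ' for pid=4458 comm="s2ram" path="/dev/mem" dev=tmpfs ino=1225'
       ' scontext=unconfined_u:system_r:hald_t:s0'
       ' tcontext=system_u:object_r:memory_device_t:s0 tclass=chr_file')
SYSCALL = ('node=champaran type=SYSCALL msg=audit(1234771026.836:570): arch=40000003'
           ' syscall=192 success=yes exit=0 a0=0 a1=502 a2=7 a3=11 items=0 ppid=4374'
           ' pid=4458 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0'
           ' fsgid=0 tty=(none) ses=4294967295 comm="s2ram" exe="/usr/sbin/s2ram"'
           ' subj=unconfined_u:system_r:hald_t:s0 key=(null)')

PROT = {0x1: "PROT_READ", 0x2: "PROT_WRITE", 0x4: "PROT_EXEC"}
MAP = {0x01: "MAP_SHARED", 0x02: "MAP_PRIVATE", 0x10: "MAP_FIXED", 0x20: "MAP_ANONYMOUS"}

def fields(record):
    """key=value pairs of one audit record; quoted values lose their quotes."""
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', record)}

def flags(value, names):
    return [name for bit, name in names.items() if value & bit]

def explain(avc, syscall):
    """Pair an AVC denial with its SYSCALL record (same audit event id)."""
    event = lambda r: re.search(r'audit\(([\d.]+:\d+)\)', r).group(1)
    if event(avc) != event(syscall):
        raise ValueError("records belong to different audit events")
    a, s = fields(avc), fields(syscall)
    out = {
        "perms": re.search(r'\{([^}]*)\}', avc).group(1).split(),
        "source_type": a["scontext"].split(":")[2],
        "target_type": a["tcontext"].split(":")[2],
        "path": a["path"], "tclass": a["tclass"],
        # success=yes despite the denial: allowed anyway (permissive mode, as reported)
        "permitted_anyway": s["success"] == "yes",
    }
    # arch 40000003 is AUDIT_ARCH_I386, where syscall 192 is mmap2; a0-a3 are hex
    if (s["arch"], s["syscall"]) == ("40000003", "192"):
        out["syscall"] = "mmap2"
        out["prot"] = flags(int(s["a2"], 16), PROT)
        out["map_flags"] = flags(int(s["a3"], 16), MAP)
    return out

if __name__ == "__main__":
    for key, value in explain(AVC, SYSCALL).items():
        print(f"{key:17} {value}")
```
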
--- Begin Message ---
Source: refpolicy
Source-Version: 2:0.2.20090730-2
We believe that the bug you reported is fixed in the latest version of
refpolicy, which is due to be installed in the Debian FTP archive:
refpolicy_0.2.20090730-2.diff.gz
to pool/main/r/refpolicy/refpolicy_0.2.20090730-2.diff.gz
refpolicy_0.2.20090730-2.dsc
to pool/main/r/refpolicy/refpolicy_0.2.20090730-2.dsc
selinux-policy-default_0.2.20090730-2_all.deb
to pool/main/r/refpolicy/selinux-policy-default_0.2.20090730-2_all.deb
selinux-policy-dev_0.2.20090730-2_all.deb
to pool/main/r/refpolicy/selinux-policy-dev_0.2.20090730-2_all.deb
selinux-policy-doc_0.2.20090730-2_all.deb
to pool/main/r/refpolicy/selinux-policy-doc_0.2.20090730-2_all.deb
selinux-policy-mls_0.2.20090730-2_all.deb
to pool/main/r/refpolicy/selinux-policy-mls_0.2.20090730-2_all.deb
selinux-policy-src_0.2.20090730-2_all.deb
to pool/main/r/refpolicy/selinux-policy-src_0.2.20090730-2_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Manoj Srivastava <[email protected]> (supplier of updated refpolicy package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
Format: 1.8
Date: Sat, 22 Aug 2009 19:47:20 -0500
Source: refpolicy
Binary: selinux-policy-default selinux-policy-mls selinux-policy-src
selinux-policy-dev selinux-policy-doc
Architecture: source all
Version: 2:0.2.20090730-2
Distribution: unstable
Urgency: low
Maintainer: Russell Coker <[email protected]>
Changed-By: Manoj Srivastava <[email protected]>
Description:
selinux-policy-default - Strict and Targeted variants of the SELinux policy
selinux-policy-dev - Headers from the SELinux reference policy for building
modules
selinux-policy-doc - Documentation for the SELinux reference policy
selinux-policy-mls - MLS (Multi Level Security) variant of the SELinux policy
selinux-policy-src - Source of the SELinux reference policy for customization
Closes: 515566
Changes:
refpolicy (2:0.2.20090730-2) unstable; urgency=low
.
* Bug fix: "selinux policy violation "Unknown" fo rs2ram
(hald_t)", thanks to Ritesh Raj Sarraf. This has been fixed for a
while, but I only just tested it. (Closes: #515566).
* Re-enable building in parallel. The current statge should be
friendlier to jobserver mode, disabling which caused all the issues
with the previous state.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.13-svn0 (GNU/Linux)
iEYEAREDAAYFAkqQw9kACgkQIbrau78kQkzBFACfcpVSO6OcD9ag6JH8sbdkam4P
4acAnRXtRwQDNi4zIMIxFG8yC9pzuM1R
=IlMB
-----END PGP SIGNATURE-----
--- End Message ---