Package: selinux-policy-default
Version: 1:1.26-2
Severity: normal
,----[ Error report ]
| /usr/bin/checkpolicy: loading policy configuration from policy.conf
| assertion on line 488848 violated by allow kernel_t etc_t:file { write create setattr append unlink link rename };
| assertion on line 488847 violated by allow kernel_t etc_t:lnk_file { create setattr unlink link rename };
| assertion on line 488846 violated by allow kernel_t etc_t:dir { create setattr unlink link rename reparent rmdir };
| 3 assertion violations occured
| The assertions are:
| neverallow {domain -auth_write -etc_writer -unrestricted } etc_t:dir ~{ read getattr lock search ioctl add_name remove_name write };
| neverallow {domain -auth_write -etc_writer -unrestricted } etc_t:lnk_file ~{ read getattr lock ioctl };
| neverallow {domain -auth_write -etc_writer -unrestricted } etc_t:file ~{ execute_no_trans { read getattr lock execute ioctl } };
`----
We need to add etc_writer to kernel_t unconditionally --
checkpolicy versions now seem to check assertions with conditionals
differently from before.
manoj
diff -uBbwr usr/share/selinux/policy/default/domains/misc/kernel.te
usr/share/selinux/policy/current
/domains/misc/kernel.te
--- usr/share/selinux/policy/default/domains/misc/kernel.te 2005-09-25
07:23:41.000000000 -0500
+++ usr/share/selinux/policy/current/domains/misc/kernel.te 2005-10-03
13:41:45.000000000 -0500
@@ -11,7 +11,7 @@
# kernel_t is the domain of kernel threads.
# It is also the target type when checking permissions in the system class.
#
-type kernel_t, domain, privmodule, privlog, sysctl_kernel_writer, mlsprocread,
mlsprocwrite, privsy
smod ifdef(`nfs_export_all_rw',`,etc_writer'), privrangetrans ;
+type kernel_t, domain, privmodule, privlog, sysctl_kernel_writer, mlsprocread,
mlsprocwrite, privsy
smod, etc_writer, privrangetrans ;
role system_r types kernel_t;
general_domain_access(kernel_t)
general_proc_read_access(kernel_t)
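Review bot: the new "type kernel_t" line attaches etc_writer unconditionally, so kernel_t is now excluded from all three etc_t neverallow assertions in every build, not only when nfs_export_all_rw is defined as the removed ifdef had it. That silences checkpolicy, but it also means the assertions will no longer flag any later rule that lets kernel_t create, unlink or rename etc_t files, directories or symlinks. Please add a comment above the declaration recording why the attribute is unconditional (the assertion failure quoted in this report), and check whether the allow rules that trip the assertions can instead be confined to the nfs_export_all_rw case so the exemption does not have to be widened.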
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.13-mh1-skas3-v9-pre7
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages selinux-policy-default depends on:
ii checkpolicy 1.27.4-1 SELinux policy compiler
ii libpam-modules 0.79-2 Pluggable Authentication Modules f
ii libselinux1 1.26-1 SELinux shared libraries
ii m4 1.4.3-2 a macro processing language
ii make 3.80-11 The GNU version of the "make" util
ii policycoreutils 1.26-1 SELinux core policy utilities
ii python 2.3.5-3 An interactive high-level object-o
selinux-policy-default recommends no packages.
-- no debconf information
--
Where humor is concerned there are no standards -- no one can say what
is good or bad, although you can be sure that everyone will. -- John
Kenneth Galbraith
Manoj Srivastava <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C