Public bug reported:

The selinux-policy-default and selinux-policy-mls packages provide much
newer policies than selinux-policy-ubuntu does. This package does not
appear to have received any significant updates in over two years.

The selinux-policy-ubuntu package also lacks
/etc/selinux/ubuntu/setrans.conf which breaks installation of the
policycoreutils package.

In addition, there is something wrong with the MCS pieces of this policy. When
using this policy, ssh access is denied with:

type=AVC msg=audit(1347025199.428:158): avc: denied { transition } for
pid=2220 comm="sshd" path="/bin/bash" dev=dm-0 ino=555
scontext=system_u:system_r:sshd_t:s0
tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c255 tclass=process

Commenting out the "mlsconstrain process { transition dyntransition }"
constraint in policy/mcs fixes this problem, although I don't know enough about
the internals of MCS to determine the root cause of this issue.

I suggest removing this package from the repository, or at least
updating the package description to direct users to the
selinux-policy-default and/or selinux-policy-mls packages.

** Affects: refpolicy-ubuntu (Ubuntu)
Importance: Undecided
Status: New
--
https://bugs.launchpad.net/bugs/1063924
Title:
Policy is outdated and broken
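
A triage aid for the denial quoted in the report, added here as an example (it is not part of the original report or of the policy source): it parses the AVC record and compares the MCS ranges of scontext and tcontext. The dominance test `h1 dom h2` (source high level must dominate target high level) is an assumption about what the constraint in policy/mcs checks; the report does not show the constraint's expression, and all function names are hypothetical.

```python
import re

# AVC record from the report above, joined onto one line.
AVC = ('type=AVC msg=audit(1347025199.428:158): avc: denied { transition } for '
       'pid=2220 comm="sshd" path="/bin/bash" dev=dm-0 ino=555 '
       'scontext=system_u:system_r:sshd_t:s0 '
       'tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c255 tclass=process')

def parse_avc(line):
    """Return the key=value fields of one AVC record plus the denied permissions."""
    fields = {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}
    fields['perms'] = re.search(r'\{([^}]*)\}', line).group(1).split()
    return fields

def parse_level(level):
    """'s0:c1,c3.c5' -> (0, frozenset({1, 3, 4, 5})); 'cN.cM' is an inclusive run."""
    sens, _, cats = level.partition(':')
    out = set()
    for part in filter(None, cats.split(',')):
        lo, _, hi = part.partition('.')
        lo = int(lo[1:])
        hi = int(hi[1:]) if hi else lo
        out.update(range(lo, hi + 1))
    return int(sens[1:]), frozenset(out)

def parse_range(context):
    """Split user:role:type:range and return the (low, high) levels of the range."""
    rng = context.split(':', 3)[3]
    low, _, high = rng.partition('-')
    return parse_level(low), parse_level(high or low)

def dominates(a, b):
    """Level a dominates b: sensitivity >= and category set is a superset."""
    return a[0] >= b[0] and a[1] >= b[1]

def explain(line):
    """Summarise the record and evaluate the assumed 'h1 dom h2' condition."""
    f = parse_avc(line)
    (_, h1), (_, h2) = parse_range(f['scontext']), parse_range(f['tcontext'])
    return {'comm': f['comm'], 'perms': f['perms'], 'tclass': f['tclass'],
            'h1_dom_h2': dominates(h1, h2),
            'missing_categories': len(h2[1] - h1[1])}

if __name__ == '__main__':
    print(explain(AVC))
```

For the record in the report, the source range s0 carries no categories while the target's high level carries c0.c255, so the assumed dominance condition evaluates to false.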