Bug#722700: selinux-policy-default: Permission block_suspend in class capability2 not defined in policy.

Fri, 13 Sep 2013 05:30:55 -0700 

Package: selinux-policy-default
Version: 2:2.20110726-12
Severity: grave
Tags: upstream
Justification: renders package unusable

Dear Maintainer,

this is an example from "ausearch -m avc":

type=SYSCALL msg=audit(1379073446.149:88): arch=40000003 syscall=255 
success=yes exit=0 a0=e a1=2 a2=1f a3=bfff9d34 items=0 ppid=1 pid=2597 
auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 
ses=4294967295 tty=(none) comm="master" exe="/usr/lib/postfix/master" 
subj=system_u:system_r:postfix_master_t:s0 key=(null)
type=AVC msg=audit(1379073446.149:88): avc:  denied  { block_suspend } for  
pid=2597 comm="master" capability=36  
scontext=system_u:system_r:postfix_master_t:s0 
tcontext=system_u:system_r:postfix_master_t:s0 tclass=capability2

This cannot be solved with usual audit2allow, because when rebuilding the 
policy there is this error message from the kernel: "SELinux:  Permission 
block_suspend in class capability2 not defined in policy."

Check the samme issue in Fedora: 
https://lists.fedoraproject.org/pipermail/users/2012-August/423398.html

Please update the package selinux-policy-default to newer version from upstream 
to make it compatible with the used kernel (currently 3.10 in jessie).


-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 3.10-2-686-pae (SMP w/1 CPU core)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages selinux-policy-default depends on:
ii  libpam-modules   1.1.3-9
ii  libselinux1      2.1.13-2
ii  libsepol1        2.1.9-2
ii  policycoreutils  2.1.13-2+b1
ii  python           2.7.5-4

Versions of packages selinux-policy-default recommends:
ii  checkpolicy  2.1.12-1
ii  setools      3.3.8-1

Versions of packages selinux-policy-default suggests:
pn  logcheck        <none>
pn  syslog-summary  <none>

-- Configuration Files:
/etc/selinux/default/modules/active/file_contexts.local [Errno 13] Permission 
denied: u'/etc/selinux/default/modules/active/file_contexts.local'

-- no debconf information


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to