Your message dated Sun, 23 Aug 2009 09:52:37 -0500 with message-id <[email protected]> has caused the report #498320, regarding policycoreutils: audit2allow gives bad policy for role violations to be marked as having been forwarded to the upstream software author(s) [email protected]
(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [email protected] immediately.) -- 498320: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498320 Debian Bug Tracking System Contact [email protected] with problems
--- Begin Message ---Hi, This has been reported against the Debian BTS. =========== ROLES =============== role system_r types ssh_exec_t; The above policy is given as the output of audit2allow for the below kernel message: type=SELINUX_ERR msg=audit(1220928625.787:79): security_compute_sid: invalid context unconfined_u:system_r:user_t:s0-s0:c0.c1023 for scontext=unconfined_u:system_r:inetd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:ssh_exec_t:s0 tclass=process One possibility is to have the following, although it might be best to just flag the error and let the sys-admin decide on their own way of solving it (there are several possibilities that are equally valid): role_transition system_r ssh_exec_t user_r; manoj http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=498320 -- Manoj Srivastava <[email protected]> <http://www.golden-gryphon.com/> 1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
--- End Message ---
