I am trying to use SELinux MLS with Fedora 31.
After relabeling the files and starting the environment I get multiple errors...
This is one example of the MLS issue.

SELinux is preventing su from open access on the file /var/log/lastlog.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that su should be allowed open access on the lastlog file by 
default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'su' --raw | audit2allow -M my-su
# semodule -X 300 -i my-su.pp

I tried to fix it but I got this error:

[root@desk mythcat]# ausearch -c 'su' --raw | audit2allow -M my-su
compilation failed:
my-su.te:36:ERROR 'syntax error' at token 'mlsconstrain' on line 36:
mlsconstrain file { write create setattr relabelfrom append unlink link rename 
mounton } ((l1 eq l2 -Fail-)  or (t1 == mlsfilewritetoclr -Fail-)  and (h1 dom 
l2 -Fail-)  and (l1 domby l2)  or (t2 == mlsfilewriteinrange -Fail-)  and (l1 
dom l2 -Fail-)  an
#       mlsconstrain file { read getattr execute } ((l1 dom l2 -Fail-)  or (t1 
== mlsfilereadtoclr -Fail-)  and (h1 dom l2 -Fail-)  or (t1 == mlsfileread 
-Fail-)  or (t2 == mlstrustedobject -Fail-) ); Constraint DENIED
/usr/bin/checkmodule:  error(s) encountered while parsing configuration