rawhide selinux-policy-strict whoopsage...
Valdis.Kletnieks at vt.edu
Valdis.Kletnieks at vt.edu
Fri Feb 3 18:19:52 UTC 2006
On Thu, 02 Feb 2006 12:31:08 EST, Stephen Smalley said:
> On Thu, 2006-02-02 at 12:18 -0500, Valdis.Kletnieks at vt.edu wrote:
> > 18 assertions. This looks fixable....
>
> Yes, that is actually a bug in the copying of assertions during module
> linking - no real assertions failed. Should be fixed in libsepol
> 1.11.11.
I snagged libsepol-1.11.12 and selinux-policy-strict-2.2.9-2 and now we have:
...
Attempting to install module 'xserver.pp':
Ok: return value of 0.
Attempting to install module 'zebra.pp':
Ok: return value of 0.
Committing changes:
libsepol.check_assertion_helper: assertion on line 0 violated by allow user_sudo_t user_sudo_t:process { setcurrent };
libsepol.check_assertion_helper: assertion on line 0 violated by allow staff_sudo_t staff_sudo_t:process { setcurrent };
libsepol.check_assertion_helper: assertion on line 0 violated by allow sysadm_sudo_t sysadm_sudo_t:process { setcurrent };
libsepol.check_assertions: 3 assertion violations occured
libsemanage.semanage_expand_sandbox: Expand module failed
semodule: Failed!
Looks like 1 issue left in sudo.pp generating 3 asserts (the upgrade to
libsepol 1.11.12 cleared 18 others). Haven't dug in yet whether this is
another manifestation of the same/similar bug, or an actual sudo.pp issue. (in
either case, "on line 0" is a busticated message...)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-selinux-list/attachments/20060203/c9e2179b/attachment.sig>
More information about the fedora-selinux-list
mailing list