Fedora 31 Selinux MLS problems and errors

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I try to use the Selinux MLS with Fedora 31, 
After relabel the files and start the environment I get multiple errors...
This is one example of the MLS issue.

SELinux is preventing su from open access on the file /var/log/lastlog.

*****  Plugin catchall (100. confidence) suggests   **************************

If you believe that su should be allowed open access on the lastlog file by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'su' --raw | audit2allow -M my-su
# semodule -X 300 -i my-su.pp

I try to fix it but I got this error

[root@desk mythcat]# ausearch -c 'su' --raw | audit2allow -M my-su
compilation failed:
my-su.te:36:ERROR 'syntax error' at token 'mlsconstrain' on line 36:
mlsconstrain file { write create setattr relabelfrom append unlink link rename mounton } ((l1 eq l2 -Fail-)  or (t1 == mlsfilewritetoclr -Fail-)  and (h1 dom l2 -Fail-)  and (l1 domby l2)  or (t2 == mlsfilewriteinrange -Fail-)  and (l1 dom l2 -Fail-)  an
#	mlsconstrain file { read getattr execute } ((l1 dom l2 -Fail-)  or (t1 == mlsfilereadtoclr -Fail-)  and (h1 dom l2 -Fail-)  or (t1 == mlsfileread -Fail-)  or (t2 == mlstrustedobject -Fail-) ); Constraint DENIED
/usr/bin/checkmodule:  error(s) encountered while parsing configuration
[root@desk mythcat]# ausearch -c 'su' --raw | audit2allow -M my-su
compilation failed:
my-su.te:36:ERROR 'syntax error' at token 'mlsconstrain' on line 36:
mlsconstrain file { write create setattr relabelfrom append unlink link rename mounton } ((l1 eq l2 -Fail-)  or (t1 == mlsfilewritetoclr -Fail-)  and (h1 dom l2 -Fail-)  and (l1 domby l2)  or (t2 == mlsfilewriteinrange -Fail-)  and (l1 dom l2 -Fail-)  an
#	mlsconstrain file { read getattr execute } ((l1 dom l2 -Fail-)  or (t1 == mlsfilereadtoclr -Fail-)  and (h1 dom l2 -Fail-)  or (t1 == mlsfileread -Fail-)  or (t2 == mlstrustedobject -Fail-) ); Constraint DENIED
/usr/bin/checkmodule:  error(s) encountered while parsing configuration
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux