On 05/29/2018 07:39 AM, bhawna goel wrote:
> Hi Team,
>
> We are getting below error while creating policies using command audit2allow.orig. Can you help in identifying what could be the possible reason of such error.
>
> Error:
> libsepol.context_from_record: invalid security context: "specialuser_u:system_r:ssh_t:s0"
> libsepol.context_from_record: could not create context structure
> libsepol.context_from_string: could not create context structure
> libsepol.sepol_context_to_sid: could not convert specialuser_u:system_r:ssh_t:s0 to sid

This means that a security context from the avc messages that you fed into audit2allow (or read from the audit logs) is not valid under the currently loaded policy, e.g. specialuser_u might not be defined or it might not be authorized for the system_r role. This commonly happens when you take avc denials / audit logs from one system and try to apply audit2allow to them on a different system with a different policy, or if the denials occurred while a different policy was loaded. You can specify a policy to audit2allow via -p and have it use that policy when decoding the security contexts.

_______________________________________________
Selinux mailing list
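The two causes named in the reply above (an undefined SELinux user, or a user not authorized for the role), as an added example that is not part of the original thread: it extracts scontext/tcontext from AVC lines and tests each against a user-to-roles map for the policy you intend to use. The map `POLICY_USER_ROLES`, the function names and the log lines are constructed for illustration; role-to-type and MLS range validity, which libsepol also checks, are not covered.

```python
import re

# Constructed stand-in for the user -> authorized roles mapping of the policy
# being checked (on a real system this comes from the policy itself).
POLICY_USER_ROLES = {
    "system_u": {"system_r"},
    "unconfined_u": {"unconfined_r", "system_r"},
    "staff_u": {"staff_r", "sysadm_r"},
}

# Constructed sample AVC denials; the second uses the context quoted in the thread.
SAMPLE_AVC = """\
type=AVC msg=audit(1527593940.101:412): avc:  denied  { read } for  pid=2101 comm="sshd" name="shadow" dev="dm-0" ino=1312 scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:shadow_t:s0 tclass=file
type=AVC msg=audit(1527593941.202:413): avc:  denied  { write } for  pid=2107 comm="ssh" name="known_hosts" dev="dm-0" ino=2210 scontext=specialuser_u:system_r:ssh_t:s0 tcontext=system_u:object_r:ssh_home_t:s0 tclass=file
"""

CONTEXT_RE = re.compile(r"\b([st]context)=(\S+)")

def check_context(context, user_roles):
    """Return None if user and role are consistent with user_roles, else a reason."""
    parts = context.split(":", 3)  # user:role:type[:range]; the range may contain ':'
    if len(parts) < 3:
        return "malformed context"
    user, role = parts[0], parts[1]
    if user not in user_roles:
        return f"user {user} is not defined"
    # object_r labels objects and is exempt from the user-role authorization check.
    if role != "object_r" and role not in user_roles[user]:
        return f"user {user} is not authorized for role {role}"
    return None

def invalid_contexts(log_text, user_roles):
    """Return (line_number, field, context, reason) for each context that fails."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        if "avc:" not in line:
            continue
        for field, context in CONTEXT_RE.findall(line):
            reason = check_context(context, user_roles)
            if reason:
                findings.append((lineno, field, context, reason))
    return findings

if __name__ == "__main__":
    for lineno, field, context, reason in invalid_contexts(SAMPLE_AVC, POLICY_USER_ROLES):
        print(f"line {lineno}: {field}={context}: {reason}")
```

Denials flagged this way were recorded under a different policy than the one being checked, which is the case where the reply suggests passing the matching policy to audit2allow with -p.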