From patchwork Mon Aug 8 08:13:26 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vit Mojzis X-Patchwork-Id: 9266907 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id DDC8C60839 for ; Mon, 8 Aug 2016 08:14:34 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id CEF2427BA5 for ; Mon, 8 Aug 2016 08:14:34 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id C37FC27F99; Mon, 8 Aug 2016 08:14:34 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=2.0 tests=BAYES_00 autolearn=ham version=3.3.1 Received: from emsm-gh1-uea10.nsa.gov (smtp.nsa.gov [8.44.101.8]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.wl.linuxfoundation.org (Postfix) with ESMTPS id 781C127BA5 for ; Mon, 8 Aug 2016 08:14:32 +0000 (UTC) X-IronPort-AV: E=Sophos;i="5.28,489,1464652800"; d="scan'208";a="16368480" IronPort-PHdr: =?us-ascii?q?9a23=3A96xv0BA0Xj9Y6qSYKaxNUyQJP3N1i/DPJgcQr6Af?= =?us-ascii?q?oPdwSP74rsbcNUDSrc9gkEXOFd2CrakV06yH6+jJYi8p2d65qncMcZhBBVcuqP?= =?us-ascii?q?49uEgeOvODElDxN/XwbiY3T4xoXV5h+GynYwAOQJ6tL2PbrnD61zMOABK3bVMz?= =?us-ascii?q?fbWtXN+Kx+2MlMmKs6XJZAtJgDfvKZhTFz6R6Tvri88NnIF5IbwwwBaa6lFBeu?= =?us-ascii?q?BR2H86bQnLx0W02920tKJH32wQ/qt5tp0IbaKvZKk8TLpFHBw6Ims144vtrhCF?= =?us-ascii?q?QgyRtVUGVWBDrBtUSy3C7gP7Rd+lrC79tPh8wwGAMMH2RKxyUjOnufQ4ACT0gT?= =?us-ascii?q?sKYmZquFrcjdZ92ecC+B8=3D?= X-IPAS-Result: =?us-ascii?q?A2G1BQDhPqhX/wHyM5BdHAEBgydWfLsDIguBboU/TAEBAQE?= =?us-ascii?q?BAQICWieCMgQDEQk5ECsqAg0iRAI3FCAOAwkCFykICAMBLRUfCwUYBIgQDsJcA?= =?us-ascii?q?SSGKohdAhEBaIUPBYgchzKJa4YdiG0CgjeHM4VVApAsVIISHIFObAGFeQ8XgR8?= =?us-ascii?q?BAQE?= Received: from unknown (HELO tarius.tycho.ncsc.mil) ([144.51.242.1]) by emsm-gh1-uea10.nsa.gov with ESMTP; 08 Aug 2016 08:14:30 +0000 Received: from prometheus.infosec.tycho.ncsc.mil (prometheus [192.168.25.40]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u788DZnR011195; Mon, 8 Aug 2016 04:13:47 -0400 Received: from tarius.tycho.ncsc.mil (tarius.infosec.tycho.ncsc.mil [144.51.242.1]) by prometheus.infosec.tycho.ncsc.mil (8.15.2/8.15.2) with ESMTP id u788DNsE036368 for ; Mon, 8 Aug 2016 04:13:23 -0400 Received: from goalie.tycho.ncsc.mil (goalie [144.51.242.250]) by tarius.tycho.ncsc.mil (8.14.4/8.14.4) with ESMTP id u788DY2Q011193 for ; Mon, 8 Aug 2016 04:13:34 -0400 X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: A1DJAAD4PahXhxy3hNFdHIN/fKVnggIBjxaEDBQQhXmBNEwBAQEBAQETAQEBCgsJCRmGDYFRiDEOwk8BMIYqiF18hQ8FiByHMolrhh2IbQKCN40IApAsghVREQuBTjoyAYV5gUUBAQE X-IPAS-Result: A1DJAAD4PahXhxy3hNFdHIN/fKVnggIBjxaEDBQQhXmBNEwBAQEBAQETAQEBCgsJCRmGDYFRiDEOwk8BMIYqiF18hQ8FiByHMolrhh2IbQKCN40IApAsghVREQuBTjoyAYV5gUUBAQE X-IronPort-AV: E=Sophos;i="5.28,489,1464667200"; d="scan'208";a="5630056" Received: from emsm-gh1-uea11.corp.nsa.gov (HELO emsm-gh1-uea11.nsa.gov) ([10.208.41.37]) by goalie.tycho.ncsc.mil with ESMTP; 08 Aug 2016 04:16:52 -0400 IronPort-PHdr: =?us-ascii?q?9a23=3AqndnMhTEIyGekGi+klTSMM+rXNpsv+yvbD5Q0YIu?= =?us-ascii?q?jvd0So/mwa64ZhCN2/xhgRfzUJnB7Loc0qyN4vimCDRIyK3CmUhKSIZLWR4BhJ?= =?us-ascii?q?detC0bK+nBN3fGKuX3ZTcxBsVIWQwt1Xi6NU9IBJS2PAWK8TWM5DIfUi/yKRBy?= =?us-ascii?q?brysXNWD14Lmj6ibwN76W01wnj2zYLd/fl2djD76kY0ou7ZkMbs70RDTo3FFKK?= =?us-ascii?q?x8zGJsIk+PzV6nvp/jtM0rzyMFoP8l9shdQY3mbq84SvpeFz1gPGcrt+PxshyW?= =?us-ascii?q?cwqTrl4bUHcXiVIcHQ3C7gP7Rb/rvyf6v/Y70y6fa56lBYsoUCivuv84ACTjjz?= =?us-ascii?q?0KYmY0?= X-IronPort-Anti-Spam-Filtered: true X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0H6AQChPqhXhxy3hNFdhBt8pWeCAgGPF?= =?us-ascii?q?oQMFBCBboQLgTRMAQEBAQEBAgIPAQEBCgsJCRkvgjIWCzkQKyoCDSKBPIFRiDE?= =?us-ascii?q?OwlABMIYqiF18hQ8FiByHMolrhh2IbQKCN40IApAsgmYRC4FOOjIBhXmBRQEBA?= =?us-ascii?q?Q?= X-IPAS-Result: =?us-ascii?q?A0H6AQChPqhXhxy3hNFdhBt8pWeCAgGPFoQMFBCBboQLgTR?= =?us-ascii?q?MAQEBAQEBAgIPAQEBCgsJCRkvgjIWCzkQKyoCDSKBPIFRiDEOwlABMIYqiF18h?= =?us-ascii?q?Q8FiByHMolrhh2IbQKCN40IApAsgmYRC4FOOjIBhXmBRQEBAQ?= X-IronPort-AV: E=Sophos;i="5.28,489,1464652800"; d="scan'208";a="18284189" Received: from mx1.redhat.com ([209.132.183.28]) by emsm-gh1-uea11.nsa.gov with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 08 Aug 2016 08:13:31 +0000 Received: from int-mx13.intmail.prod.int.phx2.redhat.com (int-mx13.intmail.prod.int.phx2.redhat.com [10.5.11.26]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id C8DBD8E3E5 for ; Mon, 8 Aug 2016 08:13:31 +0000 (UTC) Received: from localhost.localdomain.com ([10.40.3.29]) by int-mx13.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id u788DUv8008877; Mon, 8 Aug 2016 04:13:30 -0400 From: Vit Mojzis To: selinux@tycho.nsa.gov Subject: [PATCH] setroubleshoot: Fix sealert message for capability2 Date: Mon, 8 Aug 2016 10:13:26 +0200 Message-Id: <1470644006-8191-1-git-send-email-vmojzis@redhat.com> X-Scanned-By: MIMEDefang 2.68 on 10.5.11.26 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.25]); Mon, 08 Aug 2016 08:13:31 +0000 (UTC) X-BeenThere: selinux@tycho.nsa.gov X-Mailman-Version: 2.1.20 Precedence: list List-Id: "Security-Enhanced Linux \(SELinux\) mailing list" List-Post: List-Help: MIME-Version: 1.0 Errors-To: selinux-bounces@tycho.nsa.gov Sender: "Selinux" X-Virus-Scanned: ClamAV using ClamSMTP Sealert didn't know "capability2" class which caused capability2 denials (e.g. block_suspend) to be reported as "access" denials. fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1360392 type=AVC msg=audit(1468324670.938:596175): avc: denied { block_suspend } for pid=8442 comm="smtp" capability=36 scontext=system_u:system_r:postfix_smtp_t:s0 tcontext=system_u:system_r:postfix_smtp_t:s0 tclass=capability2 SELinux is preventing smtp from block_suspend access on the capability2 Unknown. Signed-off-by: Vit Mojzis Signed-off-by: Vit Mojzis --- framework/src/setroubleshoot/signature.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/framework/src/setroubleshoot/signature.py b/framework/src/setroubleshoot/signature.py index 77ecc35..1f60c74 100755 --- a/framework/src/setroubleshoot/signature.py +++ b/framework/src/setroubleshoot/signature.py @@ -212,6 +212,7 @@ class_dict['process'] = _("process") class_dict['filesystem'] = _("filesystem") class_dict['node'] = _("node") class_dict['capability'] = _("capability") +class_dict['capability2'] = _("capability2") def translate_class(tclass): if tclass in list(class_dict.keys()): @@ -447,7 +448,7 @@ class SEFaultSignatureInfo(XmlSerialize): if self.tclass == "process": return P_(_("SELinux is preventing %s from using the %s access on a process."), _("SELinux is preventing %s from using the '%s' accesses on a process."), len(self.sig.access)) % (self.spath, ", ".join(self.sig.access)) - if self.tclass == "capability": + if self.tclass in ["capability", "capability2"]: return P_(_("SELinux is preventing %s from using the %s capability."), _("SELinux is preventing %s from using the '%s' capabilities."), len(self.sig.access)) % (self.spath, ", ".join(self.sig.access)) if self.tpath == "(null)": return P_(_("SELinux is preventing %s from %s access on the %s labeled %s."), _("SELinux is preventing %s from '%s' accesses on the %s labeled %s."), len(self.sig.access)) % (self.spath, ", ".join(self.sig.access), translate_class(self.tclass), self.tcontext.type)