Discussion:
Facing problem while running the audit2allow command
Aman Sharma
2018-02-15 05:00:10 UTC
Hi All,

I am getting one issue while running the command audit2allow, and below are
the logs for the same:

After switching back to a lower version, running the "audit2allow -a" command
shows the below errors repeatedly and the command does not return:
libsepol.context_from_record: invalid security context:
"sysadm_u:system_r:unconfined_java_t:s0-s0:c0.c1023"
libsepol.context_from_record: could not create context structure
libsepol.context_from_string: could not create context structure
libsepol.sepol_context_to_sid: could not convert
sysadm_u:system_r:unconfined_java_t:s0-s0:c0.c1023 to sid
libsepol.context_from_record: invalid security context:
"sysadm_u:system_r:unconfined_java_t:s0-s0:c0.c1023"
libsepol.context_from_record: could not create context structure
libsepol.context_from_string: could not create context structure
libsepol.sepol_context_to_sid: could not convert
sysadm_u:system_r:unconfined_java_t:s0-s0:c0.c1023 to sid
libsepol.context_from_record: invalid security context:
"sysadm_u:system_r:unconfined_java_t:s0-s0:c0.c1023"
libsepol.context_from_record: could not create context structure
libsepol.context_from_string: could not create context structure

And also Unconfined is disabled in my system and I am suspecting that after
disabling, I am getting the above errors. Can anybody help me on this?

Please let me know if any comments are there.
--
Thanks
Aman
Cell: +91 9990296404 | Email ID : ***@gmail.com
Stephen Smalley
2018-02-15 20:47:35 UTC
Post by Aman Sharma
Hi All,
I am getting one issue while running the command audit2allow and
below is the
After switching back to lower version, running "audit2allow -a"
command show below errors repeatedly and the command does not
"sysadm_u:system_r:unconfined_java_t:s0-s0:c0.c1023"
libsepol.context_from_record: could not create context structure
libsepol.context_from_string: could not create context structure
libsepol.sepol_context_to_sid: could not convert
sysadm_u:system_r:unconfined_java_t:s0-s0:c0.c1023 to sid
"sysadm_u:system_r:unconfined_java_t:s0-s0:c0.c1023"
libsepol.context_from_record: could not create context structure
libsepol.context_from_string: could not create context structure
libsepol.sepol_context_to_sid: could not convert
sysadm_u:system_r:unconfined_java_t:s0-s0:c0.c1023 to sid
"sysadm_u:system_r:unconfined_java_t:s0-s0:c0.c1023"
libsepol.context_from_record: could not create context structure
libsepol.context_from_string: could not create context structure
And also Unconfined is disabled in my System and I am suspecting that
after disabling, I am getting the above errors. Can anybody help me
on this.
Please let me know if any comments are there.

This is normal; you have old audit records from when your policy
included unconfined, and now that you have removed unconfined,
audit2allow can't process those audit records. However, it won't stop
working; it just continues to process any remaining audit records that
are valid. You can delete your old audit logs if you want to avoid the
noise. Or you can feed audit2allow only recent audit records, e.g.
    ausearch -m AVC -ts today | audit2allow
to process today's audit records.
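
Added example, not part of the original thread: a small filter that separates AVC records naming a type the current policy no longer defines (such as unconfined_java_t above) from records that can still be passed to audit2allow. The sample records and the KNOWN_TYPES set are constructed, and the check looks only at the type field, whereas libsepol validates the whole context (user, role, type and range).

```python
import re
from collections import Counter

# Constructed sample audit records (not taken from the thread).
SAMPLE_LOG = """\
type=AVC msg=audit(1518670000.101:410): avc:  denied  { read } for  pid=2101 comm="java" name="app.conf" dev="dm-0" ino=1234 scontext=sysadm_u:system_r:unconfined_java_t:s0-s0:c0.c1023 tcontext=system_u:object_r:etc_t:s0 tclass=file
type=AVC msg=audit(1518671000.202:422): avc:  denied  { write } for  pid=2200 comm="httpd" name="upload" dev="dm-0" ino=5678 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=dir
type=SYSCALL msg=audit(1518671000.202:422): arch=c000003e syscall=2 success=no exit=-13
"""

# Assumption: the types defined by the currently loaded policy. On a real
# system this set could be built from the output of `seinfo -t` (setools).
KNOWN_TYPES = {"httpd_t", "etc_t", "var_t"}

# Matches both scontext=... and tcontext=... fields of an audit record.
CTX_RE = re.compile(r"\b[st]context=(\S+)")


def context_type(context):
    """Return the type field of user:role:type[:range], or None if malformed."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None


def split_records(lines, known_types):
    """Return (usable, stale, unknown): stale holds AVC records that name a
    type missing from known_types; unknown counts those missing types."""
    usable, stale, unknown = [], [], Counter()
    for line in lines:
        types = {context_type(c) for c in CTX_RE.findall(line)}
        missing = types - known_types
        if line.startswith("type=AVC") and missing:
            stale.append(line)
            unknown.update(str(t) for t in missing)
        else:
            usable.append(line)
    return usable, stale, unknown


if __name__ == "__main__":
    usable, stale, unknown = split_records(SAMPLE_LOG.splitlines(), KNOWN_TYPES)
    print(f"skipped {len(stale)} stale record(s): {dict(unknown)}")
    print("\n".join(usable))  # the records that would be piped to audit2allow
```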
