Wind River Support Network

Not to be fixed

SCP6-427 : [SCP] /sbin/ospp/setup -a failed on qemuarma9-standard-secure-platform

Created: Jun 12, 2014    Updated: Apr 28, 2018
Resolved Date: Apr 17, 2018
Found In Version: 6.0.0.8.SP27
Severity: Standard
Applicable for: Wind River Linux 6

Description

The error is the same as in SCP6-314.
The issue has been fixed on qemuarma9+secure+secure-platform, but still occurs on the standard kernel.

The following issue is found on qemuarma9-standard-secure-platform:

[root/sysadm_r/s0@qemu124 ~]# newrole -r auditadm_r -l s15:c0.c1023
Password: 
[root/auditadm_r/s15:c0.c1023@qemu124 ~]# /sbin/ospp/setup -a
Assuming the auditadm_r role with the clearance security level,
please enter auditadm_r password for newrole if prompted.
Password: 
Notice:
        If only some of the OSPP audit rules are active, there are likely
        invalid or inapplicable rules in /etc/audit/audit.rules, such as
        references to files which do not exist, or a rule being specific
        to a different CPU architecture.  You should comment out invalid
        audit rules until audit.rules can be reloaded successfully by
        the auditctl command.
Press y/Y key to continue: y
Assuming the secadm_r role and temporarily disabling enforcement.
Password: 
Updating audit rules...Password: 
Policy enforcement re-enabled.
 complete
Restoring context in /etc/audit...
Password: 
 complete
Attempting to load audit rules...No rules
AUDIT_STATUS: enabled=1 flag=1 pid=309 rate_limit=0 backlog_limit=8192 lost=0 backlog=0
AUDIT_STATUS: enabled=1 flag=2 pid=309 rate_limit=0 backlog_limit=8192 lost=0 backlog=0
Error sending add rule data request (Invalid argument)
There was an error in line 28 of /etc/audit/audit.rules
ALERT:
        Unable to load rules from /etc/audit/audit.rules
        We can start an interactive editor to allow you
        correct any errors reported above.
Do you wish to proceed? [Y/n]
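
The notice in the output above advises commenting out invalid rules until audit.rules reloads successfully. The following sketch of that loop is an added example, not Wind River's code or part of /sbin/ospp/setup: it works on a copy of the rules file and parses the "There was an error in line N" message shown above. The function names are hypothetical, and it assumes the rules file begins with -D so that each retry starts from an empty rule set.

```shell
#!/bin/sh
# Added example: isolate audit rules that the running kernel rejects.
# LOADER is an assumption: any command that takes a rules file as its last
# argument and, on failure, prints the auditctl-style message
# "There was an error in line N of FILE". Default: auditctl -R.

# Print the line number found in loader output on stdin, or nothing.
failing_rule_line() {
    sed -n 's/^There was an error in line \([0-9][0-9]*\) of .*/\1/p' | head -n 1
}

# isolate_bad_rules RULES_FILE [LOADER...]
# Comments out each rejected line in a working copy and retries until the
# loader succeeds. Prints the rejected line numbers, space separated.
# RULES_FILE itself is never modified; the copy's path is reported on stderr.
isolate_bad_rules() {
    rules=$1; shift
    [ $# -gt 0 ] || set -- auditctl -R
    work=$(mktemp) || return 2
    cp "$rules" "$work" || return 2
    tries=$(($(wc -l < "$rules")))   # upper bound: one retry per line
    bad=""
    while [ "$tries" -ge 0 ]; do
        if out=$("$@" "$work" 2>&1); then
            echo "working copy: $work" >&2
            echo "$bad"
            return 0
        fi
        n=$(printf '%s\n' "$out" | failing_rule_line)
        # Stop if the failure is not tied to a rule line (e.g. no permission).
        [ -n "$n" ] || { printf '%s\n' "$out" >&2; return 1; }
        sed "${n}s/^/# rejected: /" "$work" > "$work.new" && mv "$work.new" "$work"
        bad="${bad:+$bad }$n"
        tries=$((tries - 1))
    done
    return 1
}
```

Run it in the role that is allowed to load audit rules; review the commented-out lines in the working copy before replacing /etc/audit/audit.rules with it.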

Workaround

Use --enable-kernel=secure

Steps to Reproduce

wrlinux/configure --enable-board=qemuarma9 --enable-kernel=standard --enable-rootfs=secure-platform --enable-bootimage=ext3,ext4 --with-sstate-dir=/buildarea1/build/SSTATE_CACHE --enable-parallel-pkgbuilds=8 --enable-jobs=8

make fs

ospp setup:
1. The first boot
Append "single enforcing=0 selinux=1" to the kernel boot arguments and boot.
For example:
make start-target TOPTS="-m 1024 -in 121"  TARGET_VIRT_BOOT_TYPE=disk TARGET_QEMU_KERNEL_OPTS='root=/dev/mmcblk0 rw selinux=1 enforcing=0 single' EX_TARGET_QEMU_OPTS='-sd $PWD/export/*-dist.ext4'

Run the following command:
# /sbin/ospp/setup -r

2. The second boot
Remove "single enforcing=0" but preserve "selinux=1" in the kernel command line.
Run the following command:
# /sbin/ospp/setup -o

Input newrole password: root
Input the new staff user, such as: test1

3. The third boot
Keep the same options as for the second boot.
Run the following command:
# /sbin/ospp/setup -a

Input "root" as the password several times, as required.