Bug 1260879

Summary: Setsebool for "ssh_chroot_rw_homedirs" doesn't work across several reboots
Product: Red Hat Enterprise Linux 6 Reporter: Sushma <starangel.rai>
Component: policycoreutils Assignee: Petr Lautrbach <plautrba>
Status: CLOSED WORKSFORME QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: high Docs Contact:
Priority: unspecified    
Version: 6.8 CC: dwalsh, lvrabec, mgrepl, mmalik, plautrba, pvrabec, ssekidde, starangel.rai
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-09-11 13:53:22 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Sushma 2015-09-08 07:05:10 UTC
Description of problem:
The command below, when used without the "-P" option, doesn't work:
setsebool -P ssh_chroot_rw_homedirs on


Version-Release number of selected component (if applicable):


How reproducible:
Run the command setsebool -P ssh_chroot_rw_homedirs on (provided ssh_chroot_rw_homedirs is off)

Steps to Reproduce:
1. Set ssh_chroot_rw_homedirs to off
2. Run setsebool -P ssh_chroot_rw_homedirs on
3. Check the status:
sestatus -b | grep ssh_chroot_rw_homedirs
It will still be off.

Actual results:
sestatus -b | grep ssh_chroot_rw_homedirs gives "off" status


Expected results:
sestatus -b | grep ssh_chroot_rw_homedirs should give "on" status

Additional info:

Comment 2 Milos Malik 2015-09-08 08:02:26 UTC
# setsebool -P ssh_chroot_rw_homedirs off
# getsebool ssh_chroot_rw_homedirs
ssh_chroot_rw_homedirs --> off
# sestatus -b | grep ssh_chroot_rw_homedirs
ssh_chroot_rw_homedirs                      off
# semanage boolean -l | grep ssh_chroot_rw_homedirs
ssh_chroot_rw_homedirs         (off  ,  off)  Allow ssh with chroot env to read and write files in the user home directories
# setsebool -P ssh_chroot_rw_homedirs on
# getsebool ssh_chroot_rw_homedirs
ssh_chroot_rw_homedirs --> on
# sestatus -b | grep ssh_chroot_rw_homedirs
ssh_chroot_rw_homedirs                      on
# semanage boolean -l | grep ssh_chroot_rw_homedirs
ssh_chroot_rw_homedirs         (on   ,   on)  Allow ssh with chroot env to read and write files in the user home directories
# 

It works as expected on RHEL-6.7. Which version of policycoreutils do you have?

# rpm -qf `which setsebool`
policycoreutils-2.0.83-24.el6.x86_64
#
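
The `semanage boolean -l` lines in comment 2 carry two values per boolean, and comparing them separates a change made with `-P` from one that only affects the running policy. The following is an added example, not part of the bug thread or of policycoreutils: the function name `bool_persistence` and the second sample line are constructed, and it assumes the first value in parentheses is the running state and the second is the stored value that a reboot restores.

```shell
#!/bin/sh
# Classify one boolean from `semanage boolean -l` output read on stdin.
# Prints one of: persistent-on, persistent-off, runtime-only-on,
# runtime-only-off, missing.
# Assumption: "(state , default)" = (running value, stored value).
bool_persistence() {
    name=$1
    awk -v name="$name" '
        $1 == name {
            # Isolate the "(state , default)" pair; skip malformed lines.
            if (!match($0, /\([^)]*\)/)) next
            pair = substr($0, RSTART + 1, RLENGTH - 2)
            gsub(/[ \t]/, "", pair)          # strip column padding
            if (split(pair, v, ",") != 2) next
            found = 1
            if (v[1] == v[2]) print "persistent-" v[1]
            else              print "runtime-only-" v[1]
            exit
        }
        END { if (!found) print "missing" }
    '
}

# Line as shown in comment 2 after `setsebool -P ... on`.
SAMPLE_PERSISTED='ssh_chroot_rw_homedirs         (on   ,   on)  Allow ssh with chroot env to read and write files in the user home directories'
# Constructed line: what the pair looks like when only the running value changed.
SAMPLE_RUNTIME_ONLY='ssh_chroot_rw_homedirs         (on   ,  off)  Allow ssh with chroot env to read and write files in the user home directories'

for sample in "$SAMPLE_PERSISTED" "$SAMPLE_RUNTIME_ONLY"; do
    printf '%s\n' "$sample" | bool_persistence ssh_chroot_rw_homedirs
done
```

On a live system the input would come from `semanage boolean -l | bool_persistence ssh_chroot_rw_homedirs`.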

Comment 3 Sushma 2015-09-08 08:35:37 UTC
policycoreutils version is:


policycoreutils-2.0.83-19.47.el6.x86_64

Comment 4 Petr Lautrbach 2015-09-11 13:53:22 UTC
I confirm comment 2, it works as expected:


[root@plautrba-rhel-6 ~]# setsebool -P ssh_chroot_rw_homedirs on
[root@plautrba-rhel-6 ~]# sestatus -b | grep ssh_chroot_rw_homedirs
ssh_chroot_rw_homedirs                      on
[root@plautrba-rhel-6 ~]# setsebool -P ssh_chroot_rw_homedirs off
[root@plautrba-rhel-6 ~]# sestatus -b | grep ssh_chroot_rw_homedirs
ssh_chroot_rw_homedirs                      off
[root@plautrba-rhel-6 ~]# rpm -qf /usr/sbin/setsebool 
policycoreutils-2.0.83-19.47.el6_6.1.x86_64



If it still doesn't work for you with the latest updates and you can provide another reproducer, feel free to reopen this bug.