Bug 1288696

Summary: Update of selinux-policy-targeted policy removes locally set security rules
Product: [Fedora] Fedora
Reporter: Marek Greško <marek.gresko>
Component: selinux-policy
Assignee: Miroslav Grepl <mgrepl>
Status: CLOSED DUPLICATE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: high
Version: 23
CC: dominick.grift, dwalsh, lvrabec, marek.gresko, mgrepl, plautrba
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2015-12-15 15:20:17 UTC
Type: Bug

Description Marek Greško 2015-12-05 07:02:53 UTC
Description of problem:
Update of selinux-policy-targeted policy removes locally set security rules.

Version-Release number of selected component (if applicable):
All versions contained in Fedora 23.

How reproducible:
After every dnf update containing new selinux-policy-targeted package.

Steps to Reproduce:
1. Create some local rules by using semanage fcontext.
2. Rules are contained in /etc/selinux/targeted/context/files/file_contexts.local file.
3. After selinux-policy-targeted update the file /etc/selinux/targeted/context/files/file_contexts.local does not contain created rules.

Actual results:
Locally created rules do not survive selinux-policy-targeted update since upgrade to Fedora 23.

Expected results:
Locally created rules survive selinux-policy-targeted update.

Additional info:

Comment 1 Miroslav Grepl 2015-12-07 20:45:19 UTC
We added fixes for this issue. What does

rpm -qf selinux-policy-targeted

Comment 2 Marek Greško 2015-12-10 19:22:13 UTC
Command rpm -qf selinux-policy-targeted is nonsense. It would try to detect the package which owns the selinux-policy-targeted file.

You probably mean rpm -qi selinux-policy-targeted:

Name        : selinux-policy-targeted
Version     : 3.13.1
Release     : 155.fc23
Architecture: noarch
Install Date: Pi 27. november 2015, 08:03:11 CET
Group       : System Environment/Base
Size        : 11231582
License     : GPLv2+
Signature   : RSA/SHA256, Ne 22. november 2015, 02:02:05 CET, Key ID 32474cf834ec9cba
Source RPM  : selinux-policy-3.13.1-155.fc23.src.rpm
Build Date  : Pi 20. november 2015, 14:08:41 CET
Build Host  : arm02-builder01.arm.fedoraproject.org
Relocations : (not relocatable)
Packager    : Fedora Project
Vendor      : Fedora Project
URL         : http://github.com/TresysTechnology/refpolicy/wiki
Summary     : SELinux targeted base policy
Description :
SELinux Reference policy targeted base module.

I fixed permissions on the 9th of November 2015 and the issue appeared again. I am not sure whether it was caused by the latest update on the 27th of November. Maybe another update between the dates caused it. Was there some update these days and was the bug fixed afterwards?

Comment 3 Marek Greško 2015-12-13 21:52:42 UTC
Issue appeared again with a fresh update today. I updated to selinux-policy-targeted-3.13.1-157.fc23.noarch.

Comment 4 Miroslav Grepl 2015-12-15 13:16:03 UTC
OK, this is a different issue.

Comment 5 Lukas Vrabec 2015-12-15 15:20:17 UTC

*** This bug has been marked as a duplicate of bug 1291601 ***
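
A check for the symptom reported above, as an added example that is not part of the original bug report or of the selinux-policy package: it compares a copy of file_contexts.local saved before a policy update with the file as it is after the update and lists the local rules that disappeared. The function names and the two-argument calling convention are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper names): detect local file-context rules
# that were lost across a selinux-policy-targeted update.
#
# Intended use: copy file_contexts.local somewhere safe before the update,
# then run:  sh check_fc.sh <saved-copy> <current-file>

# Normalize a file_contexts.local-style file: drop comment and blank lines,
# collapse runs of whitespace, and sort so two copies compare line by line.
normalize_fc() {
    awk '!/^[ \t]*(#|$)/ { $1 = $1; print }' "$1" | LC_ALL=C sort -u
}

# Print every rule that is in the pre-update copy ($1) but not in the
# post-update file ($2).
missing_rules() {
    fc_before=$(mktemp) || return 2
    fc_after=$(mktemp) || { rm -f "$fc_before"; return 2; }
    normalize_fc "$1" > "$fc_before"
    normalize_fc "$2" > "$fc_after"
    LC_ALL=C comm -23 "$fc_before" "$fc_after"
    rm -f "$fc_before" "$fc_after"
}

# Number of lost rules; 0 means every local rule survived the update.
missing_count() {
    missing_rules "$1" "$2" | wc -l | tr -d ' '
}

# Return 0 if nothing was lost, 1 (and list the lost rules on stderr) otherwise.
check_update() {
    fc_lost=$(missing_rules "$1" "$2")
    if [ -z "$fc_lost" ]; then
        return 0
    fi
    printf 'Local rules lost after update:\n%s\n' "$fc_lost" >&2
    return 1
}

# Run only when called with the two file arguments.
if [ "$#" -eq 2 ]; then
    check_update "$1" "$2"
    exit $?
fi
```

The lost rules printed by check_update can be re-added with semanage fcontext, after which restorecon relabels the affected paths.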