Bug 1391605

Summary: Error when listing booleans from another store using semanage
Product: Red Hat Enterprise Linux 7 Reporter: Dalibor Pospíšil <dapospis>
Component: policycoreutilsAssignee: Vit Mojzis <vmojzis>
Status: CLOSED ERRATA QA Contact: Milos Malik <mmalik>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.3CC: dwalsh, lvrabec, mmalik, plautrba, ssekidde
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1124345 Environment:
Last Closed: 2019-08-06 13:00:15 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1124345    
Bug Blocks:    

Description Dalibor Pospíšil 2016-11-03 15:44:23 UTC 
+++ This bug was initially created as a clone of Bug #1124345 +++

Description of problem:

If the other store contains a boolean which does not exist in the active policy semanage boolean -l produces an error.

This is caused by getting current statue for the boolean which actually does not exist in active policy.

Therefore I would propose to changes the output  of semanage boolean -l so it put e.g. '-' in the 'state' column if listing non-active store as it is misleading anyway.

# rpm -qa | grep -e selinux-policy -e policycoreutils
selinux-policy-devel-3.13.1-60.el7.noarch
selinux-policy-mls-3.13.1-102.el7.noarch
policycoreutils-newrole-2.5-9.el7.x86_64
policycoreutils-2.5-9.el7.x86_64
policycoreutils-devel-2.5-9.el7.x86_64
selinux-policy-3.13.1-102.el7.noarch
selinux-policy-targeted-3.13.1-102.el7.noarch
policycoreutils-python-2.5-9.el7.x86_64

# cat > mypolicy.cil << EOF
(boolean xyz false)
EOF

# semodule -i mypolicy.cil -s mls

# seinfo -b /etc/selinux/mls/policy/policy.30 | grep xyz
   xyz

# semanage boolean -l -S mls
...
irssi_use_full_network         (off  ,  off)  Allow the Irssi IRC Client to connect to any port, and to bind to any unreserved port.
mozilla_plugin_use_bluejeans   (off  ,  off)  Allow mozilla plugin to use Bluejeans.
OSError: No such file or directory
Comment 9 errata-xmlrpc 2019-08-06 13:00:15 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:2160