Bug 1391620

Summary: sepolicy does not list all booleans from another store
Product: Red Hat Enterprise Linux 7
Reporter: Dalibor Pospíšil <dapospis>
Component: policycoreutils
Assignee: Vit Mojzis <vmojzis>
Status: CLOSED WONTFIX
QA Contact: Dalibor Pospíšil <dapospis>
Severity: medium
Docs Contact:
Priority: low
Version: 7.3
CC: dwalsh, lvrabec, mgrepl, mmalik, plautrba, ssekidde, zpytela
Target Milestone: rc
Target Release: ---
Hardware: All
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2019-02-27 13:55:19 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:
Embargoed:

Description Dalibor Pospíšil 2016-11-03 15:54:53 UTC
Description of problem:

If the other store contains a boolean which does not exist in the active policy, sepolicy -P .. booleans -a does not list it.

The root cause might be the same as in bz1391605.

# rpm -qa | grep -e selinux-policy -e policycoreutils
selinux-policy-devel-3.13.1-60.el7.noarch
selinux-policy-mls-3.13.1-102.el7.noarch
policycoreutils-newrole-2.5-9.el7.x86_64
policycoreutils-2.5-9.el7.x86_64
policycoreutils-devel-2.5-9.el7.x86_64
selinux-policy-3.13.1-102.el7.noarch
selinux-policy-targeted-3.13.1-102.el7.noarch
policycoreutils-python-2.5-9.el7.x86_64

# cat > mypolicy.cil << EOF
(boolean xyz false)
EOF

# semodule -i mypolicy.cil -s mls

# seinfo -b /etc/selinux/mls/policy/policy.30 | grep xyz
   xyz

# sepolicy -P /etc/selinux/mls/policy/policy.30 booleans -a | grep xyz
#
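
A check for the discrepancy reported above, as an added example that is not part of the original report or of policycoreutils: it compares the boolean names from seinfo -b with those from sepolicy -P ... booleans -a and prints the ones sepolicy leaves out. The function names, the name=_("description") line shape assumed for sepolicy output, and the sample listings are assumptions made for this example.

```shell
# Added example (not from the bug report): booleans seinfo finds, sepolicy omits.

# Boolean names from `seinfo -b` output: indented names under a count header.
seinfo_names() {
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" |
        grep -E '^[A-Za-z_][A-Za-z0-9_.-]*$' | LC_ALL=C sort -u
}

# Boolean names from `sepolicy booleans -a` output. Assumption: each line is
# name=_("description"); a bare name per line is accepted as well.
sepolicy_names() {
    sed -e 's/^[[:space:]]*//' -e 's/=.*$//' -e 's/[[:space:]]*$//' "$1" |
        grep -E '^[A-Za-z_][A-Za-z0-9_.-]*$' | LC_ALL=C sort -u
}

# Print names present in the seinfo listing ($1) but absent from sepolicy ($2).
missing_booleans() {
    mb_a=$(mktemp); mb_b=$(mktemp)
    seinfo_names "$1" > "$mb_a"
    sepolicy_names "$2" > "$mb_b"
    LC_ALL=C comm -23 "$mb_a" "$mb_b"
    rm -f "$mb_a" "$mb_b"
}

# Run both tools from the report against one binary policy file.
check_policy() {
    cp_s=$(mktemp); cp_p=$(mktemp)
    seinfo -b "$1" > "$cp_s"
    sepolicy -P "$1" booleans -a > "$cp_p"
    missing_booleans "$cp_s" "$cp_p"
    rm -f "$cp_s" "$cp_p"
}

# Constructed sample listings (not captured from a real system).
demo() {
    demo_d=$(mktemp -d)
    cat > "$demo_d/seinfo.txt" <<'EOF'
Conditional Booleans: 3
   abrt_anon_write
   httpd_can_network_connect
   xyz
EOF
    cat > "$demo_d/sepolicy.txt" <<'EOF'
abrt_anon_write=_("constructed description")
httpd_can_network_connect=_("constructed description")
EOF
    missing_booleans "$demo_d/seinfo.txt" "$demo_d/sepolicy.txt"
    rm -rf "$demo_d"
}
```

Calling demo prints xyz for the constructed listings; on a system with setools and policycoreutils installed, check_policy /etc/selinux/mls/policy/policy.30 runs the same comparison against the policy file from the report.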

Comment 2 Zdenek Pytela 2019-02-27 13:55:19 UTC
This issue was not selected to be included in Red Hat Enterprise Linux 7.7 because it is seen either as low or moderate impact to a small number of use-cases. The next release will be in Maintenance Support 1 Phase, which means that qualified Critical and Important Security errata advisories (RHSAs) and Urgent Priority Bug Fix errata advisories (RHBAs) may be released as they become available.

We will now close this issue, but if you believe that it qualifies for the Maintenance Support 1 Phase, please re-open; otherwise, we recommend moving the request to Red Hat Enterprise Linux 8 if applicable.