Bug 1397713

Summary: semanage does not always report errors when adding/removing hard-wired fcontext patterns
Product: Red Hat Enterprise Linux 6
Reporter: Milos Malik <mmalik>
Component: policycoreutils
Assignee: Petr Lautrbach <plautrba>
Status: CLOSED NOTABUG
QA Contact: Milos Malik <mmalik>
Severity: medium
Docs Contact:
Priority: medium
Version: 6.9
CC: dwalsh, lvrabec, mgrepl, mmalik, plautrba, ssekidde
Target Milestone: rc
Target Release: ---
Hardware: x86_64
OS: Linux
Whiteboard:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1396902
Environment:
Last Closed: 2016-11-24 13:00:08 UTC
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Target Upstream Version:

Description Milos Malik 2016-11-23 08:53:47 UTC
Description of problem:
* if the fcontext pattern is defined in policy then adding the same pattern should always result in an error message
* if the fcontext pattern is defined in policy and cannot be deleted then every attempt to remove such fcontext pattern should result in an error message

Version-Release number of selected component (if applicable):
policycoreutils-python-2.0.83-30.1.el6_8.x86_64
policycoreutils-2.0.83-30.1.el6_8.x86_64

How reproducible:
* always

Steps to Reproduce:
# semanage fcontext -l | grep /var/log/httpd
/var/log/httpd(/.*)?                               all files          system_u:object_r:httpd_log_t:s0 
# semanage fcontext -a -t httpd_log_t '/var/log/httpd(/.*)?'
libsemanage.dbase_llist_query: could not query record value (No such file or directory).
# semanage fcontext -a -t httpd_log_t '/var/log/httpd(/.*)?'
# semanage fcontext -a -t httpd_log_t '/var/log/httpd(/.*)?'
# semanage fcontext -l | grep /var/log/httpd
/var/log/httpd(/.*)?                               all files          system_u:object_r:httpd_log_t:s0 
# semanage fcontext -d -t httpd_log_t '/var/log/httpd(/.*)?'
# semanage fcontext -d -t httpd_log_t '/var/log/httpd(/.*)?'
/usr/sbin/semanage: File context for /var/log/httpd(/.*)? is defined in policy, cannot be deleted
# semanage fcontext -d -t httpd_log_t '/var/log/httpd(/.*)?'
/usr/sbin/semanage: File context for /var/log/httpd(/.*)? is defined in policy, cannot be deleted
#

Comment 1 Petr Lautrbach 2016-11-24 13:00:08 UTC
Red Hat Enterprise Linux version 6 is in the Production 2 phase of its lifetime and this bug doesn't meet the criteria for it, i.e. only high severity issues will be fixed. Please see https://access.redhat.com/support/policy/updates/errata/ for further information.

This issue is fixed in Red Hat Enterprise Linux version 7.

Comment 2 Petr Lautrbach 2016-11-29 09:40:21 UTC
I was wrong. This is actually a correct behavior, see https://bugzilla.redhat.com/show_bug.cgi?id=1398427
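
In the session above, `semanage fcontext -l` prints the same line before and after the `-a`, so that listing alone cannot tell a policy-defined pattern from one that also has a local customization. The following is an added sketch (not part of the bug report or of policycoreutils) that classifies a pattern from the full and local listings before an add or delete is attempted. It assumes `semanage fcontext -l -C` (local customizations only) is available; the function names, the `/srv/example` pattern and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example: function names and sample listings are constructed.

# has_pattern PATTERN LISTING: succeed if PATTERN is the first field of a line.
# The pattern is passed through the environment so awk compares it as a
# literal string: fcontext patterns are regexes, and grep or `awk -v` would
# reinterpret characters such as "(", "?" and backslashes.
has_pattern() {
    printf '%s\n' "$2" |
        PAT="$1" awk '$1 == ENVIRON["PAT"] { f = 1 } END { exit !f }'
}

# fcontext_state PATTERN ALL_LISTING LOCAL_LISTING
#   ALL_LISTING   = output of `semanage fcontext -l`
#   LOCAL_LISTING = output of `semanage fcontext -l -C` (assumed available)
# Prints one of: local, policy, absent.
fcontext_state() {
    if has_pattern "$1" "$3"; then
        echo local    # a local customization exists; -d removes it
    elif has_pattern "$1" "$2"; then
        echo policy   # policy only; -d reports "defined in policy"
    else
        echo absent   # not known to policy or local customizations
    fi
}

# Constructed sample listings in the format shown in the report.
SAMPLE_ALL='/var/log/httpd(/.*)?   all files   system_u:object_r:httpd_log_t:s0
/srv/example(/.*)?     all files   system_u:object_r:httpd_log_t:s0'
SAMPLE_LOCAL='/var/log/httpd(/.*)?   all files   system_u:object_r:httpd_log_t:s0'

# Live use: pass one pattern as the only argument on a host with semanage.
if [ "$#" -eq 1 ] && command -v semanage >/dev/null 2>&1; then
    fcontext_state "$1" "$(semanage fcontext -l)" "$(semanage fcontext -l -C)"
fi
```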