Bug 1400482
| Summary: | semanage node --extract does not print MLS/MCS security range | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Milos Malik <mmalik> |
| Component: | policycoreutils | Assignee: | Vit Mojzis <vmojzis> |
| Status: | CLOSED ERRATA | QA Contact: | Milos Malik <mmalik> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | 7.3 | CC: | dwalsh, lvrabec, mmalik, plautrba, ssekidde |
| Target Milestone: | rc | | |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | policycoreutils-2.5-31.el7 | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | | |
| : | 1400550 | Environment: | |
| Last Closed: | 2019-08-06 13:00:15 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
Description
Milos Malik
2016-12-01 10:47:12 UTC
The same issue is reproducible with semanage interface:

```
# seinfo --netifcon
Netifcon: 1
netifcon xyz system_u:object_r:netif_t:s0 - s0:c0.c1 system_u:object_r:netif_t:s0 - s0:c0.c1
# semanage interface -l
SELinux Interface Context
xyz system_u:object_r:netif_t:s0-s0:c0,c1
# semanage interface -E
interface -a -t netif_t xyz
#
```

My guess is that all semanage sub-commands which support -E, --extract options suffer from this issue:

```
# semanage fcontext -l -C
# semanage fcontext -a -t tmp_t -r s0:c0.c1 /pokus
# semanage fcontext -l -C
SELinux fcontext type Context
/pokus all files system_u:object_r:tmp_t:s0:c0.c1
# semanage export
boolean -D
login -D
interface -D
user -D
port -D
node -D
fcontext -D
module -D
fcontext -a -f a -t tmp_t '/pokus'
# semanage fcontext -E
fcontext -a -f a -t tmp_t '/pokus'
#
```

The export sub-command of semanage does not print the MLS/MCS security range either.

Because the export option for user and login sub-command prints MLS/MCS security range:

```
# semanage user -E
user -a -L s0 -r s0 -R 'user_r' user_u
user -a -L s0 -r s0 -R 'xguest_r' xguest_u
# semanage login -E
login -a -s unconfined_u -r 's0-s0:c0.c1023' __default__
login -a -s guest_u -r 's0' guest-user
login -a -s staff_u -r 's0-s0:c0.c1023' staff-user
login -a -s user_u -r 's0' user-user
login -a -s xguest_u -r 's0' xguest
login -a -s xguest_u -r 's0' xguest-user
#
```

it would be great if the export option also printed MLS/MCS range in case of other sub-commands. Otherwise the export/import mechanism loses information.

```
# grep semanage /usr/libexec/selinux/selinux-policy-migrate-local-changes.sh
if [ -x /usr/sbin/semanage ]; then
/usr/sbin/semanage export | /usr/sbin/semanage import
#
```

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:2160
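
One way to check a system for the information loss this report describes, as an added example that is not part of the bug report or of policycoreutils: it compares `semanage <type> -l` listings with `semanage export` output and reports targets whose non-default MLS/MCS range has no `-r` in the exported line. The function names, the `s0` default range and the way the listing is split into columns are assumptions of this example; the sample text is constructed from the output quoted above.

```python
import shlex

# Constructed samples: lines copied from the terminal output quoted in this report.
FCONTEXT_LISTING = """\
SELinux fcontext type Context
/pokus all files system_u:object_r:tmp_t:s0:c0.c1
"""
INTERFACE_LISTING = """\
SELinux Interface Context
xyz system_u:object_r:netif_t:s0-s0:c0,c1
"""
EXPORT = """\
fcontext -D
interface -D
fcontext -a -f a -t tmp_t '/pokus'
interface -a -t netif_t xyz
"""


def listed_ranges(listing):
    """Map each target in `semanage <type> -l` output to its MLS/MCS range."""
    ranges = {}
    for line in listing.splitlines():
        fields = line.split()
        # Skip headers and blank lines: a full context is user:role:type:range.
        if len(fields) >= 2 and fields[-1].count(":") >= 3:
            ranges[fields[0]] = fields[-1].split(":", 3)[3]
    return ranges


def exported_ranges(export, record_type):
    """Map each target added by export lines of one type to its -r value, or None."""
    ranges = {}
    for line in export.splitlines():
        tok = shlex.split(line)
        if len(tok) >= 3 and tok[0] == record_type and tok[1] == "-a":
            ranges[tok[-1]] = tok[tok.index("-r") + 1] if "-r" in tok else None
    return ranges


def lost_ranges(listing, export, record_type, default="s0"):
    """Targets with a non-default listed range whose export line carries no -r."""
    exported = exported_ranges(export, record_type)
    return sorted(
        (target, rng)
        for target, rng in listed_ranges(listing).items()
        if rng != default and target in exported and exported[target] is None
    )
```

Running it before piping `semanage export` into `semanage import` shows which local customizations would come back with only the default range.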