Bug 2133042

Summary: setsebool persistent fails due to stalld_var_run_t not defined error
Product: [Fedora] Fedora
Reporter: Michael Cronenworth <mike>
Component: selinux-policy
Assignee: Zdenek Pytela <zpytela>
Status: CLOSED DUPLICATE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: low
Version: 36
CC: dwalsh, grepl.miroslav, lvrabec, mmalik, omosnacek, pkoncity, vmojzis, zpytela
Keywords: Triaged
Hardware: x86_64
OS: Linux
Last Closed: 2022-10-22 03:16:53 UTC
Type: Bug
Attachments: command line output (flags: none)

Description Michael Cronenworth 2022-10-07 15:51:55 UTC
Description of problem:
[root@foobar michael]# setsebool -P httpd_can_network_connect 1
libsepol.context_from_record: type stalld_var_run_t is not defined
libsepol.context_from_record: could not create context structure
libsepol.context_from_string: could not create context structure
libsepol.sepol_context_to_sid: could not convert system_u:object_r:stalld_var_run_t:s0 to sid
invalid context system_u:object_r:stalld_var_run_t:s0
Failed to commit changes to booleans: Success

I have tried removing the selinux policy and reinstalling. No change.


Version-Release number of selected component (if applicable):
selinux-policy-targeted-36.15-1.fc36.noarch



How reproducible:
Always


Steps to Reproduce:
1. Any setsebool with persistent command

Actual results:
Persistent setting not saved.


Expected results:
Persistent setting saved.


Additional info:

Comment 1 Zdenek Pytela 2022-10-07 16:17:28 UTC
Michael,

stalld has been confined since v36.7 and no problems have been reported so far, nor can I reproduce your issue. Are you aware of custom changes made on your system?

# semodule -lfull | grep stalld
# semodule -lfull | grep -v ^100
# semanage export

Comment 2 Milos Malik 2022-10-07 16:18:59 UTC
I believe there is a broken policy module present on your machine and the module is causing the issue.

The use of "setsebool -P ..." command leads to a recompilation of policy which hits the broken policy module (undefined types or dependency problem).

Please run the following commands on your machine and attach their output to this BZ:

# rpm -qa | grep selinux
# semodule -lfull

Thank you.
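
Added example (not part of the original comments, and not the maintainers' tooling): a filter for the `semodule -lfull` output requested above that lists every module installed outside priority 100 and flags whether it overrides a same-named priority-100 module. The function names and the sample listing are constructed for illustration; the priorities in the sample are assumptions, not values from the reporter's attachment.

```shell
#!/bin/sh
# Real use: semodule -lfull | list_overrides
# Input format assumed: "<priority> <name> <lang> [disabled]", one module per line.

list_overrides() {
    awk '
        NF >= 2 && $1 ~ /^[0-9]+$/ {
            prio = $1 + 0; name = $2
            state = ($NF == "disabled") ? "disabled" : "enabled"
            # Priority 100 is where the distribution policy modules live.
            if (prio == 100) { base[name] = 1; next }
            n++; p[n] = prio; m[n] = name; s[n] = state
        }
        END {
            for (i = 1; i <= n; i++) {
                # A module present at two priorities: the higher one wins,
                # so it replaces the distribution copy at rebuild time.
                kind = (m[i] in base) ? "overrides-base" : "local-only"
                printf "%s %s %s %s\n", p[i], m[i], s[i], kind
            }
        }
    '
}

# Constructed sample listing (hypothetical system, for offline runs).
sample_listing() {
    cat <<'EOF'
100 apache            pp
100 stalld            pp
200 flatpak           pp
400 apache            cil
400 oldlocal          pp disabled
EOF
}
```

Every line printed is a module that a policy rebuild (such as the one `setsebool -P` triggers) will compile alongside the distribution policy, which makes it a candidate for the undefined-type error.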

Comment 3 Michael Cronenworth 2022-10-07 16:41:08 UTC
Created attachment 1916745
command line output

I am attaching the command line output from all of the requested commands.

It should be noted this system is an upgraded system from earlier Fedora versions. Version 30 was the initial install and it was upgraded with dnf system-upgrade to every next version.

Comment 4 Michael Cronenworth 2022-10-22 03:16:53 UTC
It is caused by bug 2056303 and the workarounds described there fixed the issue. Removing the "bad" flatpak module and reinstalling fixed it. Sorry, but it was hard to Google the solution. I finally found it and it works.

*** This bug has been marked as a duplicate of bug 2056303 ***