Bug 1008851 - setsebool cannot set known booleans if -P is used
Summary: setsebool cannot set known booleans if -P is used
Keywords:
Status: CLOSED DUPLICATE of bug 998974
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: policycoreutils
Version: 6.5
Hardware: Unspecified
OS: Linux
Target Milestone: rc
Assignee: Daniel Walsh
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2013-09-17 07:59 UTC by Sumit Bose
Modified: 2013-09-17 11:44 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-09-17 11:44:56 UTC
Target Upstream Version:
Embargoed:


Links
System ID Private Priority Status Summary Last Updated
Red Hat Bugzilla 1007606 0 urgent CLOSED ipa-server-install failing with fault 907 during ipa-client-install phase 2021-02-22 00:41:40 UTC

Internal Links: 1007606

Description Sumit Bose 2013-09-17 07:59:59 UTC
Description of problem:
While testing IPA on 6.5 the IPA QE found error messages like

2013-09-17T02:01:47Z DEBUG args=/usr/sbin/setsebool -P httpd_can_network_connect=on httpd_manage_ipa=on
2013-09-17T02:01:47Z DEBUG stdout=
2013-09-17T02:01:47Z DEBUG stderr=Boolean httpd_can_network_connect is not defined

and

2013-09-17T02:03:36Z DEBUG args=/usr/sbin/setsebool -P samba_portmapper=true
2013-09-17T02:03:36Z DEBUG stdout=
2013-09-17T02:03:36Z DEBUG stderr=Boolean samba_portmapper is not defined

in the log files of the IPA installation. After the installation the same could be seen on the command line:

# /usr/sbin/setsebool -P samba_portmapper true
Boolean samba_portmapper is not defined
# semanage boolean -l | grep samba_portmapper
samba_portmapper               (aus  ,  aus)  Allow samba to act as a portmapper

After setting the boolean with semanage everything is working as expected:

# semanage boolean --on samba_portmapper
# getsebool samba_portmapper
samba_portmapper --> on
# setsebool samba_portmapper false
# getsebool samba_portmapper
samba_portmapper --> off
# setsebool -P samba_portmapper false
# /usr/sbin/setsebool -P samba_portmapper true
# getsebool samba_portmapper
samba_portmapper --> on

But only for the boolean touched by semanage; others still fail if the -P option is used:

# /usr/sbin/setsebool -P httpd_manage_ipa true
Boolean httpd_manage_ipa is not defined
# /usr/sbin/setsebool  httpd_manage_ipa true
# /usr/sbin/setsebool -P httpd_manage_ipa true
Boolean httpd_manage_ipa is not defined
# /usr/sbin/getsebool httpd_manage_ipa
httpd_manage_ipa --> on
# /usr/sbin/setsebool -P httpd_manage_ipa true
Boolean httpd_manage_ipa is not defined



Version-Release number of selected component (if applicable):
policycoreutils-2.0.83-19.34.el6.x86_64


How reproducible:


Steps to Reproduce:
see above


Actual results:
setsebool -P cannot set a SELinux boolean

Expected results:
setsebool -P can set SELinux boolean

Additional info:
the same issue was observed by other team members while testing on RHEL7
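
A log check for the failure shown in this report, as an added example that is not part of the original bug report or of the IPA or policycoreutils code: it pairs each `setsebool` `args=` line with the `stderr=` line that follows it and lists the booleans that cannot be assumed set. The function names are hypothetical and the third log record is constructed; the first two records are the ones quoted in the description.

```python
import re
import shlex

# First two records are quoted from the report; the third (a success) is constructed.
SAMPLE_LOG = """\
2013-09-17T02:01:47Z DEBUG args=/usr/sbin/setsebool -P httpd_can_network_connect=on httpd_manage_ipa=on
2013-09-17T02:01:47Z DEBUG stdout=
2013-09-17T02:01:47Z DEBUG stderr=Boolean httpd_can_network_connect is not defined
2013-09-17T02:03:36Z DEBUG args=/usr/sbin/setsebool -P samba_portmapper=true
2013-09-17T02:03:36Z DEBUG stdout=
2013-09-17T02:03:36Z DEBUG stderr=Boolean samba_portmapper is not defined
2013-09-17T02:09:12Z DEBUG args=/usr/sbin/setsebool -P samba_portmapper=true
2013-09-17T02:09:12Z DEBUG stdout=
2013-09-17T02:09:12Z DEBUG stderr=
"""

LINE = re.compile(r"^(\S+) DEBUG (args|stdout|stderr)=(.*)$")
UNDEFINED = re.compile(r"Boolean (\S+) is not defined")

def parse_setsebool(argv):
    """Return (persistent, {boolean: value}) for 'name=value' and 'name value' forms."""
    persistent = "-P" in argv
    words = [w for w in argv[1:] if not w.startswith("-")]
    if any("=" in w for w in words):
        return persistent, dict(w.split("=", 1) for w in words if "=" in w)
    return persistent, dict(zip(words[0::2], words[1::2]))

def failed_persistent_sets(log_text):
    """Pair each setsebool args= line with its stderr= line and report failures."""
    findings, current = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts, field, value = m.groups()
        if field == "args":
            argv = shlex.split(value)
            is_setsebool = bool(argv) and argv[0].rsplit("/", 1)[-1] == "setsebool"
            current = (ts, *parse_setsebool(argv)) if is_setsebool else None
        elif field == "stderr" and current and value.strip():
            ts0, persistent, requested = current
            hit = UNDEFINED.search(value)
            # Conservative: every boolean requested by the failed command is unverified.
            findings.append({"time": ts0, "persistent": persistent,
                             "rejected": hit.group(1) if hit else None,
                             "not_applied": sorted(requested)})
            current = None
    return findings
```

Booleans listed under `not_applied` should be re-checked on the host with `getsebool` and `semanage boolean -l`, as done in the description.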

Comment 2 Miroslav Grepl 2013-09-17 11:44:56 UTC

*** This bug has been marked as a duplicate of bug 998974 ***

