1124345 – Error when listing booleans using semanage from another storage

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1124345 - Error when listing booleans using semanage from another storage

Summary: Error when listing booleans using semanage from another storage

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	policycoreutils
Sub Component:
Version:	6.6
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Petr Lautrbach
QA Contact:	Milos Malik
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1391605
TreeView+	depends on / blocked

Reported:	2014-07-29 09:43 UTC by Michal Trunecka
Modified:	2016-11-03 15:44 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Clones:	1391605 (view as bug list)
Environment:
Last Closed:	2016-01-19 15:49:29 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Michal Trunecka 2014-07-29 09:43:00 UTC

Description of problem:

When running semanage boolean -S mls -l, it prints only handful of booleans and then fails with /usr/sbin/semanage: No such file or directory:

(Works fine on RHEL7)

# semanage boolean -S mls -l
SELinux boolean                State  Default Description

ftp_home_dir                   (on   ,   on)  Allow ftp to read and write files in the user home directories
smartmon_3ware                 (off  ,  off)  Enable additional permissions needed to support devices on 3ware controllers.
xdm_sysadm_login               (off  ,  off)  Allow xdm logins as sysadm
xen_use_nfs                    (off  ,  off)  Allow xen to manage nfs files
mozilla_read_content           (off  ,  off)  Control mozilla content access
ssh_chroot_rw_homedirs         (off  ,  off)  Allow ssh with chroot env to read and write files in the user home directories
postgresql_can_rsync           (off  ,  off)  Allow postgresql to use ssh and rsync for point-in-time recovery
allow_console_login            (on   ,  off)  Allow direct login to the console device. Required for System 390
spamassassin_can_network       (off  ,  off)  Allow user spamassassin clients to use the network.
authlogin_shadow               (off  ,  off)  Allow users login programs to access /etc/shadow.
httpd_can_network_relay        (off  ,  off)  Allow httpd to act as a relay
openvpn_enable_homedirs        (on   ,  off)  Allow openvpn to read home directories
allow_execheap                 (off  ,  off)  Allow unconfined executables to make their heap memory executable.  Doing this is a really bad idea. Probably indicates a badly coded executable, but could indicate an attack. This executable should be reported in bugzilla
telepathy_tcp_connect_generic_network_ports (off  ,  off)  Allow the Telepathy connection managers to connect to any generic TCP port.
tor_bind_all_unreserved_ports  (off  ,  off)  Allow tor daemon to bind tcp sockets to all unreserved ports.
httpd_can_network_connect_db   (off  ,  off)  Allow HTTPD scripts and modules to connect to databases over the network.
xguest_connect_network         (on   ,   on)  Allow xguest to configure Network Manager and connect to apache ports
allow_user_mysql_connect       (off  ,  off)  Allow users to connect to mysql
user_setrlimit                 (on   ,  off)  Allow user processes to change their priority
allow_ftpd_full_access         (on   ,   on)  Allow ftp servers to login to local users and read/write all files on the system, governed by DAC.
httpd_use_gpg                  (off  ,  off)  Allow httpd to run gpg in gpg-web domain
samba_domain_controller        (off  ,  off)  Allow samba to act as the domain controller, add users, groups and change passwords.
httpd_dbus_sssd                (off  ,  off)  Allow Apache to communicate with sssd service via dbus
/usr/sbin/semanage: No such file or directory

Version-Release number of selected component (if applicable):
# rpm -qa selinux\*
selinux-policy-mls-3.7.19-246.el6.noarch
selinux-policy-targeted-3.7.19-246.el6.noarch
selinux-policy-3.7.19-246.el6.noarch
# rpm -qa policycoreutils\*
policycoreutils-sandbox-2.0.83-19.46.el6.x86_64
policycoreutils-python-2.0.83-19.46.el6.x86_64
policycoreutils-newrole-2.0.83-19.46.el6.x86_64
policycoreutils-2.0.83-19.46.el6.x86_64

Comment 3 Petr Lautrbach 2015-03-09 14:11:41 UTC

I has not been fixed yet.

Comment 6 Petr Lautrbach 2016-01-19 15:49:29 UTC

Due to the limited devel capacity and since it works on RHEL-7 I'm closing this as WONTFIX. Sorry.

Note You need to log in before you can comment on or make changes to this bug.