Bug 1260879 - Setsebool for "ssh_chroot_rw_homedirs" doesn't work across several reboots
Setsebool for "ssh_chroot_rw_homedirs" doesn't work across several reboots
Status: CLOSED WORKSFORME
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: policycoreutils (Show other bugs)
6.8
Unspecified Unspecified
unspecified Severity high
: rc
: ---
Assigned To: Petr Lautrbach
BaseOS QE Security Team
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-09-08 03:05 EDT by Sushma
Modified: 2015-09-11 09:53 EDT (History)
8 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-09-11 09:53:22 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Sushma 2015-09-08 03:05:10 EDT
Description of problem:
The command below when use without "-P" option doesn't work
setsebool -P ssh_chroot_rw_homedirs on


Version-Release number of selected component (if applicable):


How reproducible:
Run the command setsebool -P ssh_chroot_rw_homedirs on (provided ssh_chroot_rw_homedirs is off  )

Steps to Reproduce:
1.set ssh_chroot_rw_homedirs to off
2.Run setsebool -P ssh_chroot_rw_homedirs on
3.Check the status :
sestatus -b | grep ssh_chroot_rw_homedirs
It will be still off.

Actual results:
sestatus -b | grep ssh_chroot_rw_homedirs gives "off" status


Expected results:
sestatus -b | grep ssh_chroot_rw_homedirs should give "on" status

Additional info:
Comment 2 Milos Malik 2015-09-08 04:02:26 EDT
# setsebool -P ssh_chroot_rw_homedirs off
# getsebool ssh_chroot_rw_homedirs
ssh_chroot_rw_homedirs --> off
# sestatus -b | grep ssh_chroot_rw_homedirs
ssh_chroot_rw_homedirs                      off
# semanage boolean -l | grep ssh_chroot_rw_homedirs
ssh_chroot_rw_homedirs         (off  ,  off)  Allow ssh with chroot env to read and write files in the user home directories
# setsebool -P ssh_chroot_rw_homedirs on
# getsebool ssh_chroot_rw_homedirs
ssh_chroot_rw_homedirs --> on
# sestatus -b | grep ssh_chroot_rw_homedirs
ssh_chroot_rw_homedirs                      on
# semanage boolean -l | grep ssh_chroot_rw_homedirs
ssh_chroot_rw_homedirs         (on   ,   on)  Allow ssh with chroot env to read and write files in the user home directories
# 

It works as expected on RHEL-6.7. Which version of policycoreutils do you have?

# rpm -qf `which setsebool`
policycoreutils-2.0.83-24.el6.x86_64
#
Comment 3 Sushma 2015-09-08 04:35:37 EDT
policycoreutils version is :


policycoreutils-2.0.83-19.47.el6.x86_64
Comment 4 Petr Lautrbach 2015-09-11 09:53:22 EDT
I confirm comment 2, it works as expected:


[root@plautrba-rhel-6 ~]# setsebool -P ssh_chroot_rw_homedirs on
[root@plautrba-rhel-6 ~]# sestatus -b | grep ssh_chroot_rw_homedirs
ssh_chroot_rw_homedirs                      on
[root@plautrba-rhel-6 ~]# setsebool -P ssh_chroot_rw_homedirs off
[root@plautrba-rhel-6 ~]# sestatus -b | grep ssh_chroot_rw_homedirs
ssh_chroot_rw_homedirs                      off
[root@plautrba-rhel-6 ~]# rpm -qf /usr/sbin/setsebool 
policycoreutils-2.0.83-19.47.el6_6.1.x86_64



If it doesn't still work for you with he latest updates and can provide another reproducer, feel free to reopen this bug.

Note You need to log in before you can comment on or make changes to this bug.