Bug 1278454 - semanage -o - shows also 'zero' changes in booleans
semanage -o - shows also 'zero' changes in booleans
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: policycoreutils (Show other bugs)
All Linux
unspecified Severity low
: rc
: ---
Assigned To: Petr Lautrbach
Dalibor Pospíšil
Depends On:
  Show dependency treegraph
Reported: 2015-11-05 09:26 EST by Dalibor Pospíšil
Modified: 2016-04-28 08:10 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2016-04-28 08:10:31 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Dalibor Pospíšil 2015-11-05 09:26:30 EST
Description of problem:
semanage show local customizations to policy even if the is now change against policy default.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. #  semanage boolean -l | grep   git_system_use_cifs
git_system_use_cifs            (off  ,  off)  Determine whether Git system daemon can access cifs file systems.
2. # semanage -o - | grep git_system_use_cifs
3. # setsebool -P git_system_use_cifs on
4. # semanage -o - | grep git_system_use_cifs
boolean -1 git_system_use_cifs
5. # setsebool -P git_system_use_cifs off
6. # semanage -o - | grep git_system_use_cifs
boolean -0 git_system_use_cifs

I think after step 5, there should not be any local customization of git_system_use_cifs.
Comment 1 Petr Lautrbach 2016-04-28 08:10:31 EDT
semanage doesn't do an analysis of the current policy to find out what's the default value. It would be unnecessary expensive. You did a local modification using setsebool and it's shown in the semanage output.

Note You need to log in before you can comment on or make changes to this bug.