Hide Forgot
Description of problem: Various policy changes made with 'semanage' in Fedora 22 were reverted after update to Fedora 23, specifically a bunch of: semanage port -a -t http_port_t -p tcp <some port> Needed to be redone after ugrade. Possibly related, is bug#1278269 where some other manually set policy was reverted. Version-Release number of selected component (if applicable): I put this under libselinux (libselinux-2.4-4.fc23.x86_64) but it could be something else... How reproducible: Not sure, it happened during upgrade. Steps to Reproduce: 1.Allow a port to be used by http (say, for using mod_proxy to access a tomcat AJP connector, or for listening on a non-standard port) 2.Upgrade from F22 to F23 using 'dnf system-upgrade' 3. Actual results: Denials occur when starting http which were working previously. Expected results: Previously issued "semanage" sticks. Additional info:
It seems that we don't migrate port and maybe other local changes during policy store migration. As a workaround, you can try to copy *.local files from /etc/selinux/targeted/modules/active/ to /var/lib/selinux/targeted/active.
... and run 'semodule -B' to
*** Bug 1279784 has been marked as a duplicate of this bug. ***
selinux-policy-3.13.1-155.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2015-0d84d6c75f
selinux-policy-3.13.1-155.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with $ su -c 'dnf --enablerepo=updates-testing update selinux-policy' You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2015-0d84d6c75f
selinux-policy-3.13.1-155.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.