Bug 1288696 - Update of selinux-policy-targeted policy removes locally set security rules
Update of selinux-policy-targeted policy removes locally set security rules
Status: CLOSED DUPLICATE of bug 1291601
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
23
All Linux
high Severity medium
: ---
: ---
Assigned To: Miroslav Grepl
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2015-12-05 02:02 EST by Marek Greško
Modified: 2015-12-15 10:20 EST (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-12-15 10:20:17 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Marek Greško 2015-12-05 02:02:53 EST
Description of problem:
Update of selinux-policy-targeted policy removes locally set security rules.

Version-Release number of selected component (if applicable):
All version contained in Fedora 23.

How reproducible:
After every dnf update containing new selinux-policy-targeted package.

Steps to Reproduce:
1. Create some local rules by using semanage fcontext.
2. Rules are contained in /etc/selinux/targeted/context/files/file_contexts.local file.
3. After selinux-policy-targeted update the file /etc/selinux/targeted/context/files/file_contexts.local does not contain created rules.

Actual results:
Locally created rules do not survive selinux-policy-targeted update since upgrade to Fedora 23.

Expected results:
Locally created rules survive selinux-policy-targeted update.

Additional info:
Comment 1 Miroslav Grepl 2015-12-07 15:45:19 EST
We added fixes for this issue. What does

rpm -qf selinux-policy-targeted
Comment 2 Marek Greško 2015-12-10 14:22:13 EST
Command rpm -qf selinux-policy-targeted is non-sense. It would try to detect package which owns selinux-policy-targeted file.

You probably mean rpm -qi selinux-policy-targeted:

Name        : selinux-policy-targeted
Version     : 3.13.1
Release     : 155.fc23
Architecture: noarch
Install Date: Pi 27. november 2015, 08:03:11 CET
Group       : System Environment/Base
Size        : 11231582
License     : GPLv2+
Signature   : RSA/SHA256, Ne 22. november 2015, 02:02:05 CET, Key ID 32474cf834ec9cba
Source RPM  : selinux-policy-3.13.1-155.fc23.src.rpm
Build Date  : Pi 20. november 2015, 14:08:41 CET
Build Host  : arm02-builder01.arm.fedoraproject.org
Relocations : (not relocatable)
Packager    : Fedora Project
Vendor      : Fedora Project
URL         : http://github.com/TresysTechnology/refpolicy/wiki
Summary     : SELinux targeted base policy
Description :
SELinux Reference policy targeted base module.

I fixed permissions on 9-th of November 2015 and the issue appeared again. I am not sure whether it was caused by latest update on 27-th of November. Maybe another update between the dates caused it. Was there some update these days and was the bug fixed afterwards?
Comment 3 Marek Greško 2015-12-13 16:52:42 EST
Issue appeared again with fresh update today. I updated to selinux-policy-targeted-3.13.1-157.fc23.noarch.
Comment 4 Miroslav Grepl 2015-12-15 08:16:03 EST
Ok this is a different issue.
Comment 5 Lukas Vrabec 2015-12-15 10:20:17 EST

*** This bug has been marked as a duplicate of bug 1291601 ***

Note You need to log in before you can comment on or make changes to this bug.