1288696 – Update of selinux-policy-targeted policy removes locally set security rules

Bug 1288696 - Update of selinux-policy-targeted policy removes locally set security rules

Summary: Update of selinux-policy-targeted policy removes locally set security rules

Keywords:
Status:	CLOSED DUPLICATE of bug 1291601
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy
Sub Component:
Version:	23
Hardware:	All
OS:	Linux
Priority:	high
Severity:	medium
Target Milestone:	---
Assignee:	Miroslav Grepl
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2015-12-05 07:02 UTC by Marek Greško
Modified:	2015-12-15 15:20 UTC (History)
CC List:	6 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2015-12-15 15:20:17 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Marek Greško 2015-12-05 07:02:53 UTC

Description of problem:
Update of selinux-policy-targeted policy removes locally set security rules.

Version-Release number of selected component (if applicable):
All version contained in Fedora 23.

How reproducible:
After every dnf update containing new selinux-policy-targeted package.

Steps to Reproduce:
1. Create some local rules by using semanage fcontext.
2. Rules are contained in /etc/selinux/targeted/context/files/file_contexts.local file.
3. After selinux-policy-targeted update the file /etc/selinux/targeted/context/files/file_contexts.local does not contain created rules.

Actual results:
Locally created rules do not survive selinux-policy-targeted update since upgrade to Fedora 23.

Expected results:
Locally created rules survive selinux-policy-targeted update.

Additional info:

Comment 1 Miroslav Grepl 2015-12-07 20:45:19 UTC

We added fixes for this issue. What does

rpm -qf selinux-policy-targeted

Comment 2 Marek Greško 2015-12-10 19:22:13 UTC

Command rpm -qf selinux-policy-targeted is non-sense. It would try to detect package which owns selinux-policy-targeted file.

You probably mean rpm -qi selinux-policy-targeted:

Name        : selinux-policy-targeted
Version     : 3.13.1
Release     : 155.fc23
Architecture: noarch
Install Date: Pi 27. november 2015, 08:03:11 CET
Group       : System Environment/Base
Size        : 11231582
License     : GPLv2+
Signature   : RSA/SHA256, Ne 22. november 2015, 02:02:05 CET, Key ID 32474cf834ec9cba
Source RPM  : selinux-policy-3.13.1-155.fc23.src.rpm
Build Date  : Pi 20. november 2015, 14:08:41 CET
Build Host  : arm02-builder01.arm.fedoraproject.org
Relocations : (not relocatable)
Packager    : Fedora Project
Vendor      : Fedora Project
URL         : http://github.com/TresysTechnology/refpolicy/wiki
Summary     : SELinux targeted base policy
Description :
SELinux Reference policy targeted base module.

I fixed permissions on 9-th of November 2015 and the issue appeared again. I am not sure whether it was caused by latest update on 27-th of November. Maybe another update between the dates caused it. Was there some update these days and was the bug fixed afterwards?

Comment 3 Marek Greško 2015-12-13 21:52:42 UTC

Issue appeared again with fresh update today. I updated to selinux-policy-targeted-3.13.1-157.fc23.noarch.

Comment 4 Miroslav Grepl 2015-12-15 13:16:03 UTC

Ok this is a different issue.

Comment 5 Lukas Vrabec 2015-12-15 15:20:17 UTC


*** This bug has been marked as a duplicate of bug 1291601 ***

Note You need to log in before you can comment on or make changes to this bug.