Red Hat Bugzilla – Bug 1288696
Update of selinux-policy-targeted policy removes locally set security rules
Last modified: 2015-12-15 10:20:43 EST
Description of problem:
Update of selinux-policy-targeted policy removes locally set security rules.
Version-Release number of selected component (if applicable):
All version contained in Fedora 23.
After every dnf update containing new selinux-policy-targeted package.
Steps to Reproduce:
1. Create some local rules by using semanage fcontext.
2. Rules are contained in /etc/selinux/targeted/context/files/file_contexts.local file.
3. After selinux-policy-targeted update the file /etc/selinux/targeted/context/files/file_contexts.local does not contain created rules.
Locally created rules do not survive selinux-policy-targeted update since upgrade to Fedora 23.
Locally created rules survive selinux-policy-targeted update.
We added fixes for this issue. What does
rpm -qf selinux-policy-targeted
Command rpm -qf selinux-policy-targeted is non-sense. It would try to detect package which owns selinux-policy-targeted file.
You probably mean rpm -qi selinux-policy-targeted:
Name : selinux-policy-targeted
Version : 3.13.1
Release : 155.fc23
Install Date: Pi 27. november 2015, 08:03:11 CET
Group : System Environment/Base
Size : 11231582
License : GPLv2+
Signature : RSA/SHA256, Ne 22. november 2015, 02:02:05 CET, Key ID 32474cf834ec9cba
Source RPM : selinux-policy-3.13.1-155.fc23.src.rpm
Build Date : Pi 20. november 2015, 14:08:41 CET
Build Host : arm02-builder01.arm.fedoraproject.org
Relocations : (not relocatable)
Packager : Fedora Project
Vendor : Fedora Project
URL : http://github.com/TresysTechnology/refpolicy/wiki
Summary : SELinux targeted base policy
SELinux Reference policy targeted base module.
I fixed permissions on 9-th of November 2015 and the issue appeared again. I am not sure whether it was caused by latest update on 27-th of November. Maybe another update between the dates caused it. Was there some update these days and was the bug fixed afterwards?
Issue appeared again with fresh update today. I updated to selinux-policy-targeted-3.13.1-157.fc23.noarch.
Ok this is a different issue.
*** This bug has been marked as a duplicate of bug 1291601 ***