Hide Forgot
Description of problem: * if the fcontext pattern is defined in policy then adding the same pattern should always result in an error message * if the fcontext pattern is defined in policy and cannot be deleted then every attempt to remove such fcontext pattern should result in an error message Version-Release number of selected component (if applicable): policycoreutils-python-2.0.83-30.1.el6_8.x86_64 policycoreutils-2.0.83-30.1.el6_8.x86_64 How reproducible: * always Steps to Reproduce: # semanage fcontext -l | grep /var/log/httpd /var/log/httpd(/.*)? all files system_u:object_r:httpd_log_t:s0 # semanage fcontext -a -t httpd_log_t '/var/log/httpd(/.*)?' libsemanage.dbase_llist_query: could not query record value (No such file or directory). # semanage fcontext -a -t httpd_log_t '/var/log/httpd(/.*)?' # semanage fcontext -a -t httpd_log_t '/var/log/httpd(/.*)?' # semanage fcontext -l | grep /var/log/httpd /var/log/httpd(/.*)? all files system_u:object_r:httpd_log_t:s0 # semanage fcontext -d -t httpd_log_t '/var/log/httpd(/.*)?' # semanage fcontext -d -t httpd_log_t '/var/log/httpd(/.*)?' /usr/sbin/semanage: File context for /var/log/httpd(/.*)? is defined in policy, cannot be deleted # semanage fcontext -d -t httpd_log_t '/var/log/httpd(/.*)?' /usr/sbin/semanage: File context for /var/log/httpd(/.*)? is defined in policy, cannot be deleted #
Red Hat Enterprise Linux version 6 is in the Production 2 phase of its lifetime and this bug doesn't meet the criteria for it, i.e. only high severity issues will be fixed. Please see https://access.redhat.com/support/policy/updates/errata/ for further information. This issue is fixed in Red Hat Enterprise Linux version 7.
I was wrong. This is actually a correct behavior, see https://bugzilla.redhat.com/show_bug.cgi?id=1398427