Bug 1439875 - Setting booleans causes duplicate ports in semanage listings
Summary: Setting booleans causes duplicate ports in semanage listings
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: libsemanage
Version: 25
Hardware: Unspecified
OS: Linux
unspecified
low
Target Milestone: ---
Assignee: Petr Lautrbach
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2017-04-06 17:59 UTC by Carlos Rodrigues
Modified: 2017-04-19 17:01 UTC (History)
7 users (show)

Fixed In Version: libsemanage-2.5-9.fc25
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1439907 (view as bug list)
Environment:
Last Closed: 2017-04-19 09:26:33 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)

Description Carlos Rodrigues 2017-04-06 17:59:08 UTC 
Description of problem:

I've noticed a strange interaction with custom ports and booleans. After setting a boolean, the list of ports for a particular type (which has been customized) shows duplicate entries.

Example:

  $ semanage port -a -t http_port_t -p tcp 12345
  $ semanage port -l | grep http_port_t
  http_port_t                    tcp      12345, 80, 81, ...
  $ setsebool -P zebra_write_config false
  $ semanage port -l | grep http_port_t
  http_port_t                    tcp      12345, 12345, 80, 81, ...
  $ setsebool -P zebra_write_config false
  $ semanage port -l | grep http_port_t
  http_port_t                    tcp      12345, 12345, 12345, 80, 81, ...

As can be seen, each time a boolean is set persistently (it doesn't matter which boolean or which state), the custom port 12345 is duplicated. Running "semodule -B" clears the duplicates.

However, if only the local customizations are listed, the port is always listed only once:

  $ semanage port -l -C
  SELinux Port Type              Proto    Port Number
  http_port_t                    tcp      12345

Version-Release number of selected component (if applicable):
libselinux-2.5-13.fc25.x86_64
(Originally found this on CentOS 7.3's "libselinux-2.5-6.el7.x86_64").

How reproducible:
Always

I've submitted this upstream here: https://github.com/SELinuxProject/selinux/issues/50
Comment 1 Petr Lautrbach 2017-04-11 08:06:46 UTC 
Thanks for the report!

A fix is available at upstream mailing list now - https://marc.info/?l=selinux&m=149183707331194&w=2
Comment 2 Stephen Smalley 2017-04-13 18:59:06 UTC 
You'll also want 8702a865e08b5660561e194a83e4a363061edc03 if you want to avoid a regression in setsebool -P runtime and memory overhead.
Comment 3 Petr Lautrbach 2017-04-18 08:49:12 UTC 
Added b61922f727d5643265e27654a2d626bcae5d894c and 8702a865e08b5660561e194a83e4a363061edc03

Thanks!
Comment 4 Fedora Update System 2017-04-18 09:00:07 UTC 
libsemanage-2.6-3.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-165322f06a
Comment 5 Fedora Update System 2017-04-18 10:06:44 UTC 
libsemanage-2.5-9.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2017-ea82d19050
Comment 6 Fedora Update System 2017-04-18 13:23:01 UTC 
libsemanage-2.5-9.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-ea82d19050
Comment 7 Fedora Update System 2017-04-18 19:54:15 UTC 
libsemanage-2.6-3.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-165322f06a
Comment 8 Fedora Update System 2017-04-19 09:26:33 UTC 
libsemanage-2.5-9.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.
Comment 9 Fedora Update System 2017-04-19 17:01:01 UTC 
libsemanage-2.6-3.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.