2133042 – setsebool persistent fails due to stalld_var_run_t not defined error

Bug 2133042 - setsebool persistent fails due to stalld_var_run_t not defined error

Summary: setsebool persistent fails due to stalld_var_run_t not defined error

Keywords:
Status:	CLOSED DUPLICATE of bug 2056303
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	selinux-policy
Sub Component:
Version:	36
Hardware:	x86_64
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	---
Assignee:	Zdenek Pytela
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2022-10-07 15:51 UTC by Michael Cronenworth
Modified:	2022-10-22 03:16 UTC (History)
CC List:	8 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2022-10-22 03:16:53 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
command line output (16.29 KB, text/plain) 2022-10-07 16:41 UTC, Michael Cronenworth	no flags	Details
View All

Description Michael Cronenworth 2022-10-07 15:51:55 UTC

Description of problem:
[root@foobar michael]# setsebool -P httpd_can_network_connect 1
libsepol.context_from_record: type stalld_var_run_t is not defined
libsepol.context_from_record: could not create context structure
libsepol.context_from_string: could not create context structure
libsepol.sepol_context_to_sid: could not convert system_u:object_r:stalld_var_run_t:s0 to sid
invalid context system_u:object_r:stalld_var_run_t:s0
Failed to commit changes to booleans: Success

I have tried removing the selinux policy and reinstalling. No change.


Version-Release number of selected component (if applicable):
selinux-policy-targeted-36.15-1.fc36.noarch



How reproducible:
Always


Steps to Reproduce:
1. Any setsebool with persistent command
2.
3.

Actual results:
Persistent setting not saved.


Expected results:
Persistent setting saved.


Additional info:

Comment 1 Zdenek Pytela 2022-10-07 16:17:28 UTC

Michael,

stall is confined since v36.7 and no problems were reported so far, neither can I reproduce your issue. Are you aware of custom changes made on your system?

# semodule -lfull | grep stalld
# semodule -lfull | grep -v ^100
# semanage export

Comment 2 Milos Malik 2022-10-07 16:18:59 UTC

I believe there is a broken policy module present on your machine and the module is causing the issue.

The use of "setsebool -P ..." command leads to a recompilation of policy which hits the broken policy module (undefined types or dependency problem).

Please run the following commands on your machine and attach their output to this BZ:

# rpm -qa | grep selinux
# semodule -lfull

Thank you.

Comment 3 Michael Cronenworth 2022-10-07 16:41:08 UTC

Created attachment 1916745 [details]
command line output

I am attaching the command line output from all of the requested commands.

It should be noted this system is an upgraded system from earlier Fedora versions. Version 30 was the initial install and it was upgraded with dnf system-upgrade to every next version.

Comment 4 Michael Cronenworth 2022-10-22 03:16:53 UTC

It is caused by bug 2056303 and the workarounds described there fixed the issue. Removing the "bad" flatpak module and reinstalling fixed it. Sorry, but it was hard to Google the solution. I finally found it and it works.

*** This bug has been marked as a duplicate of bug 2056303 ***

Note You need to log in before you can comment on or make changes to this bug.