Description of problem: Not able to change Selinux policies so that they stick across reboots. Version-Release number of selected component (if applicable): selinux-policy-2.4.1-3 How reproducible: Steps to Reproduce: 1. setsebool -P httpd_can_network_connect 1 2. 3. Actual results: libsemanage.semanage_commit_sandbox: Error while renaming /etc/selinux/targeted/modules/active to /etc/selinux/targeted/modules/previous. Could not change policy booleans Expected results: Additional info: The error indicates that the policy was not changed but it does change. However if the the system is rebooted the policy change is lost.
Try restorecon -R -v /etc/selinux setsebool -P httpd_can_network_connect 1 Some how your file context got screwed up. If this works check the file context again and make sure it is correct restorecon -R -v /etc/selinux should generate no output the second time.
That fixed the issue. I did two installs of FC 6, not upgrades, and both systems had this issue. Both systems were missing the /etc/selinux/targeted/modules/previous directory structure. Thanks
I have found if you run a command fix init scripts it causes this to happen. I am updating the policy to fix this in init scripts. If you find any other way to cause it, please report. Fixed in selinux-policy-2.4.3-2
Sorry, I should have cloesd this a long time ago. The problem is fixed.