Bug 214052 - Could not change policy booleans
Could not change policy booleans
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: selinux-policy (Show other bugs)
6
x86_64 Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-11-05 01:52 EST by David Highley
Modified: 2008-05-01 11:39 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-01-18 22:47:51 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description David Highley 2006-11-05 01:52:26 EST
Description of problem:
Not able to change Selinux policies so that they stick across reboots.


Version-Release number of selected component (if applicable):
selinux-policy-2.4.1-3

How reproducible:


Steps to Reproduce:
1. setsebool -P httpd_can_network_connect 1
2.
3.
  
Actual results:
libsemanage.semanage_commit_sandbox: Error while renaming
/etc/selinux/targeted/modules/active to /etc/selinux/targeted/modules/previous.
Could not change policy booleans

Expected results:


Additional info:
The error indicates that the policy was not changed but it does change. However
if the the system is rebooted the policy change is lost.
Comment 1 Daniel Walsh 2006-11-06 10:43:10 EST
Try 

restorecon -R -v /etc/selinux
setsebool -P httpd_can_network_connect 1

Some how your file context got screwed up.

If this works check the file context again and make sure it is correct

restorecon -R -v /etc/selinux

should generate no output the second time.
Comment 2 David Highley 2006-11-06 20:23:16 EST
That fixed the issue. I did two installs of FC 6, not upgrades, and both systems
had this issue. Both systems were missing the
/etc/selinux/targeted/modules/previous directory structure. Thanks
Comment 3 Daniel Walsh 2006-11-07 13:08:30 EST
I have found if you run a command fix init scripts it causes this to happen.  I
am updating the policy to fix this in init scripts.

If you find any other way to cause it, please report.

Fixed in selinux-policy-2.4.3-2
Comment 4 David Highley 2007-01-18 22:47:14 EST
Sorry, I should have cloesd this a long time ago. The problem is fixed.

Note You need to log in before you can comment on or make changes to this bug.