Bug 220071 - Can't remove a role from an selinux user with semanage
Can't remove a role from an selinux user with semanage
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: policycoreutils (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Daniel Walsh
Ben Levenson
Depends On:
  Show dependency treegraph
Reported: 2006-12-18 14:18 EST by Linda Knippers
Modified: 2007-11-30 17:07 EST (History)
3 users (show)

See Also:
Fixed In Version: RC
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-02-07 20:52:34 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Linda Knippers 2006-12-18 14:18:55 EST
Description of problem:

Once a role is added to an selinux user with semanage, it
can't be removed.

Version-Release number of selected component (if applicable):
I'm running the RHEL5 beta 2 and RHEL5 RCS3 kit on different
systems, each with the latest mls policy and tools from dwalsh's
people page.  The behavior is the same on both systems.

How reproducible:

Steps to Reproduce:
1.Add user_r to staff_u:  semanage user -m -R" sysadm_r staff_r user_r secadm_r
auditadm_r" staff_u
2.verify that its there: semanage user -l |grep staff_u
3.Remove user_r from staff_u:  semanage user -m -R" sysadm_r staff_r secadm_r
auditadm_r" staff_u
4.verify that its gone:  semanage user -l |grep staff_u

Actual results:
user_r still shows up.

Expected results:
shouldn't see user_r as a role for staff_u

Additional info:
I tested a patch to /usr/lib/python2.4/site-packages/seobject.py
posted by Dan and it fixes the problem.
Comment 1 Daniel Walsh 2006-12-18 14:56:58 EST
Fixed in policycoreutils-1_33_6-6
Comment 4 RHEL Product and Program Management 2007-02-07 20:52:34 EST
A package has been built which should help the problem described in 
this bug report. This report is therefore being closed with a resolution 
of CURRENTRELEASE. You may reopen this bug report if the solution does 
not work for you.

Note You need to log in before you can comment on or make changes to this bug.