Red Hat Bugzilla – Bug 220071
Can't remove a role from an selinux user with semanage
Last modified: 2007-11-30 17:07:39 EST
Description of problem:
Once a role is added to an selinux user with semanage, it
can't be removed.
Version-Release number of selected component (if applicable):
I'm running the RHEL5 beta 2 and RHEL5 RCS3 kit on different
systems, each with the latest mls policy and tools from dwalsh's
people page. The behavior is the same on both systems.
Steps to Reproduce:
1. Add user_r to staff_u: semanage user -m -R "sysadm_r staff_r user_r secadm_r" staff_u
2. Verify that it's there: semanage user -l | grep staff_u
3. Remove user_r from staff_u: semanage user -m -R "sysadm_r staff_r secadm_r" staff_u
4. Verify that it's gone: semanage user -l | grep staff_u
Actual results:
user_r still shows up.
Expected results:
shouldn't see user_r as a role for staff_u
I tested a patch to /usr/lib/python2.4/site-packages/seobject.py
posted by Dan and it fixes the problem.
Fixed in policycoreutils-1_33_6-6
A package has been built which should help the problem described in
this bug report. This report is therefore being closed with a resolution
of CURRENTRELEASE. You may reopen this bug report if the solution does
not work for you.
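The check in steps 2 and 4, written as an exact role-set comparison instead of a visual grep; this is an added example, not part of the original report or of policycoreutils. The function names and the sample listing are constructed, and the parser assumes the `semanage user -l` layout in which the roles start at the fifth column.

```shell
#!/bin/sh
# Constructed sample of `semanage user -l` output in the state the report
# describes: user_r is still attached to staff_u after the removal attempt.
sample_listing() {
cat <<'EOF'
                Labeling   MLS/       MLS/
SELinux User    Prefix     MCS Level  MCS Range                      SELinux Roles

staff_u         staff      s0         s0-s15:c0.c1023                sysadm_r staff_r user_r secadm_r
user_u          user       s0         s0                             user_r
EOF
}

# roles_of USER: read a listing on stdin, print USER's roles sorted, one per line.
# Assumption: columns 1-4 are user, prefix, level and range; roles follow.
roles_of() {
    awk -v u="$1" '$1 == u { for (i = 5; i <= NF; i++) print $i }' | sort -u
}

# check_roles USER "ROLE ROLE ...": read a listing on stdin.
# Returns 0 on an exact match, 1 on any extra or missing role, 2 if USER is absent.
check_roles() {
    user=$1
    want=$(printf '%s\n' $2 | sort -u)   # unquoted on purpose: split the role list
    have=$(roles_of "$user")
    if [ -z "$have" ]; then
        echo "$user: not present in listing" >&2
        return 2
    fi
    # Whole-line fixed-string matching, so sysadm_r never matches a longer role name.
    extra=$(printf '%s\n' "$have" | grep -vxF -e "$want" || true)
    missing=$(printf '%s\n' "$want" | grep -vxF -e "$have" || true)
    [ -z "$extra" ] || echo "$user: unexpected roles:" $extra >&2
    [ -z "$missing" ] || echo "$user: missing roles:" $missing >&2
    [ -z "$extra" ] && [ -z "$missing" ]
}

# Against a live system:
#   semanage user -l | check_roles staff_u "sysadm_r staff_r secadm_r"
```

On the constructed listing the check fails and reports user_r as an unexpected role, which is the behaviour the report describes.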