Bug 2213995 - boothd_etc_t is not defined
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 38
Hardware: Unspecified
OS: Linux
Priority: medium
Severity: medium
Assignee: Zdenek Pytela
QA Contact: Fedora Extras Quality Assurance
Reported: 2023-06-10 21:18 UTC by David Juran
Modified: 2023-06-28 17:51 UTC
Last Closed: 2023-06-28 17:51:59 UTC

Description David Juran 2023-06-10 21:18:24 UTC
Persisting an SELinux boolean fails:

[david@juran ~]$ sudo setsebool -P httpd_can_network_connect 1
[sudo] password for david: 
libsepol.context_from_record: type boothd_etc_t is not defined
libsepol.context_from_record: could not create context structure
libsepol.context_from_string: could not create context structure
libsepol.sepol_context_to_sid: could not convert system_u:object_r:boothd_etc_t:s0 to sid
invalid context system_u:object_r:boothd_etc_t:s0
Failed to commit changes to booleans: Success

The boolean gets set but is not persisted, and is reset again after reboot.

[david@juran ~]$ rpm -q policycoreutils selinux-policy-targeted
policycoreutils-3.5-1.fc38.x86_64
selinux-policy-targeted-38.15-1.fc38.noarch



Reproducible: Always

Comment 1 Zdenek Pytela 2023-06-12 10:47:09 UTC
David,

The type was added in selinux-policy-targeted-38.14-1, but no error like this is expected to appear. Have you made any related changes?

semanage export
semodule -lfull | grep boothd
semodule -lfull | grep -v ^100

Comment 2 Zdenek Pytela 2023-06-19 14:33:39 UTC
I still cannot reproduce it, the type always exists:

# seinfo -xt boothd_etc_t

Types: 1
   type boothd_etc_t, configfile, file_type, non_auth_file_type, non_security_file_type;
# setsebool -P httpd_can_network_connect 1
<>
# rpm -q selinux-policy
selinux-policy-38.17-1.fc39.noarch

If triggering conditions are not found, I will proceed and close this bz.

Comment 3 Zdenek Pytela 2023-06-27 17:12:45 UTC
As no new information appeared during the past 2 weeks, we are going to close this bug. If you need to pursue this matter further, feel free to reopen this bug and attach the needed information.

Comment 4 David Juran 2023-06-27 19:03:28 UTC
Terribly sorry for the late reply, been out traveling the past two weeks.

[root@juran ~]# semanage export
boolean -D
login -D
interface -D
user -D
port -D
node -D
fcontext -D
module -D
ibendport -D
ibpkey -D
permissive -D
boolean -m -0 httpd_can_network_connect
boolean -m -1 httpd_can_sendmail
boolean -m -1 httpd_unified
boolean -m -1 named_write_master_zones
boolean -m -0 nis_enabled
boolean -m -1 spamassassin_can_network
boolean -m -1 use_nfs_home_dirs
boolean -m -1 virt_sandbox_use_all_caps
boolean -m -0 virt_use_nfs
[root@juran ~]# 



[root@juran ~]# semodule -lfull | grep boothd
100 boothd            pp          




[root@juran ~]# semodule -lfull | grep -v ^100
200 flatpak           pp          



[root@juran ~]# seinfo -xt boothd_etc_t

Types: 1
   type boothd_etc_t, configfile, file_type, non_auth_file_type, non_security_file_type;



[root@juran ~]#  rpm -q selinux-policy
selinux-policy-38.15-1.fc38.noarch



[root@juran ~]# setsebool -P httpd_can_network_connect 1
libsepol.context_from_record: type boothd_etc_t is not defined
libsepol.context_from_record: could not create context structure
libsepol.context_from_string: could not create context structure
libsepol.sepol_context_to_sid: could not convert system_u:object_r:boothd_etc_t:s0 to sid
invalid context system_u:object_r:boothd_etc_t:s0
Failed to commit changes to booleans: Success

The boolean is actually set:
[root@juran ~]# getsebool httpd_can_network_connect
httpd_can_network_connect --> on


But it is not persisted, none of the booleans in /etc/selinux/targeted/modules/active/booleans.local is loaded on startup.

Comment 5 Zdenek Pytela 2023-06-27 19:44:37 UTC
Can you try reinstalling all policies?

dnf reinstall selinux-policy selinux-policy-targeted flatpak-selinux

Comment 6 David Juran 2023-06-28 17:51:59 UTC
I don't pretend to understand why this solved the issue, but it did!
Thanks for the help :-)
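
Added example, not part of the original bug thread or of the selinux-policy project: two shell triage helpers for the symptom reported here, one pulling the undefined type out of the libsepol errors and one listing booleans whose runtime state differs from the persisted value. The function names are hypothetical, the sample inputs are constructed from the output quoted above, and the `name (state , default) description` row layout of `semanage boolean -l` is an assumption.

```shell
# Constructed sample: setsebool -P stderr as quoted in this report.
SAMPLE_STDERR='libsepol.context_from_record: type boothd_etc_t is not defined
libsepol.context_from_record: could not create context structure
libsepol.context_from_string: could not create context structure
invalid context system_u:object_r:boothd_etc_t:s0
Failed to commit changes to booleans: Success'

# Constructed sample in the assumed `semanage boolean -l` layout:
# runtime value first, persisted (store) value second.
SAMPLE_BOOLEANS='SELinux boolean                State  Default Description

httpd_can_network_connect      (on   ,  off)  (constructed description)
httpd_can_sendmail             (on   ,   on)  (constructed description)'

# stdin: stderr of a failed `setsebool -P`.
# stdout: each type libsepol reported as undefined, once.
undefined_types() {
    sed -n 's/^libsepol\.context_from_record: type \([A-Za-z0-9_]*\) is not defined$/\1/p' | sort -u
}

# stdin: `semanage boolean -l` output.
# stdout: booleans whose runtime state differs from the persisted value,
# i.e. settings that would be lost on the next reboot or policy reload.
drifted_booleans() {
    awk '
        match($0, /\([a-z]+ *, *[a-z]+\)/) {
            # Take the text between the parentheses and split on the comma.
            pair = substr($0, RSTART + 1, RLENGTH - 2)
            split(pair, v, ",")
            gsub(/ /, "", v[1]); gsub(/ /, "", v[2])
            if (v[1] != v[2])
                print $1 " runtime=" v[1] " persisted=" v[2]
        }'
}

# Demo on the constructed samples.
printf '%s\n' "$SAMPLE_STDERR"   | undefined_types
printf '%s\n' "$SAMPLE_BOOLEANS" | drifted_booleans
```

On a live system the same functions can be fed with `setsebool -P ... 2>&1 | undefined_types` and `semanage boolean -l | drifted_booleans`, both run as root.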

