Description of problem:
Occasionally, my tests are blowing up and leaving tun devices around in semanage interface -l. When I remove the interface with `semanage interface -d tun#`, where # is the number of the device left, the corresponding entry is not removed from /etc/selinux/mls/modules/active/nodes.local; thus when I attempt to rerun I am told the address already exists.

Version-Release number of selected component (if applicable):
policycoreutils-1.33.12-6.el5

[root/abat_r/SystemLow@xracer5 framework]# rpm -q kernel; rpm -q selinux-policy
kernel-2.6.18-8.el5.lspp.66
kernel-2.6.18-8.1.1.el5.lspp.69
selinux-policy-2.4.6-45.el5
[root/abat_r/SystemLow@xracer5 framework]# uname -a
Linux xracer5.ltc.austin.ibm.com 2.6.18-8.1.1.el5.lspp.69 #1 SMP Mon Mar 19 14:50:21 EDT 2007 x86_64 x86_64 x86_64 GNU/Linux

How reproducible:

Steps to Reproduce:
1. Leave tun device around from testing
2. semanage interface -d <tun-device>
3. Look at /etc/selinux/mls/modules/active/nodes.local

Actual results:
Address remains

Expected results:
Address not expected to be there any more.

Additional info
Example:

semanage interface -l

SELinux Interface    Context
lo                   system_u:object_r:lo_netif_t:s0-s15:c0.c1023
tun2                 system_u:object_r:tun_tap_device_t:s0-s15:c0.c1023

[root/abat_r/SystemLow@xracer5 framework]# cat /etc/selinux/mls/modules/active/nodes.local
# This file is auto-generated by libsemanage
# Please use the semanage command to make changes
nodecon ipv4 169.254.0.2 255.255.255.0 system_u:object_r:compat_ipv4_node_t:s0-s15:c0.c1023
[root/abat_r/SystemLow@xracer5 framework]# semanage interface -d tun2
[root/abat_r/SystemLow@xracer5 framework]# cat /etc/selinux/mls/modules/active/nodes.local
# This file is auto-generated by libsemanage
# Please use the semanage command to make changes
nodecon ipv4 169.254.0.2 255.255.255.0 system_u:object_r:compat_ipv4_node_t:s0-s15:c0.c1023
[root/abat_r/SystemLow@xracer5 framework]# rpm -qf `which semanage`
[root/abat_r/SystemLow@xracer5 framework]# ls -Z `which semanage`
-rwxr-xr-x root root system_u:object_r:semanage_exec_t:SystemLow /usr/sbin/semanage
[root/abat_r/SystemLow@xracer5 framework]# ls -Z /etc/selinux/mls/modules/active/nodes.local
-rw-r--r-- root root abat_u:object_r:selinux_config_t:SystemLow /etc/selinux/mls/modules/active/nodes.local
[root/abat_r/SystemLow@xracer5 framework]# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) context=abat_u:abat_r:abat_t:SystemLow-SystemHigh

I think this problem was related to this bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=231392
I am confused. semanage interface -a creates an interfaces.local file not a nodes.local file?
Please confirm that this bug report is accurate. What is nodes.local and where did it come from? Please retry on 70 kernel.
Loulwa and Joy looking at this one. Attempting to rerun test now. May be testcase cleanup issue.
Loulwa and Joy still looking. Not semanage. Call from libsemanage or libsepol - semanage_node_create()? Testcase makes calls directly to libsemanage. Should be able to manage nodes via semanage according to dwalsh.
Ok, this appears to no longer be a problem. Twice, I ran the testcases Kylie was running on two x86_64 platforms with no problems. After the testcases completed, there was an /etc/selinux/mls/modules/active/nodes.local file but it did not contain any entries. Thus the entries were being removed successfully. I am using a more recent kernel and policy than Kylie was so perhaps the problem has been fixed. Perhaps we can close this and if the problem occurs again we can always reopen.
I am updating semanage to handle nodes, but I think we should close this bug.
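
A post-test cleanup check for the situation discussed in this report, as an added example that is not part of the original thread or of libsemanage: it parses nodes.local content in the format shown in the report and returns any nodecon records left behind. The function names and the `allowed` parameter are assumptions made for illustration.

```python
import ipaddress
from typing import NamedTuple

class NodeCon(NamedTuple):
    proto: str
    addr: str
    mask: str
    user: str
    role: str
    setype: str
    mls_range: str  # may itself contain ':' (e.g. s0-s15:c0.c1023)

def parse_nodes_local(text):
    """Parse nodes.local content; raise ValueError on a malformed record."""
    records = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop libsemanage header comments
        if not line:
            continue
        fields = line.split()
        if len(fields) != 5 or fields[0] != "nodecon":
            raise ValueError(f"line {lineno}: not a nodecon record: {raw!r}")
        _, proto, addr, mask, context = fields
        version = {"ipv4": 4, "ipv6": 6}.get(proto)
        # ip_address() raises ValueError itself on an unparsable address or mask
        if version is None or any(
                ipaddress.ip_address(a).version != version for a in (addr, mask)):
            raise ValueError(f"line {lineno}: protocol/address mismatch: {raw!r}")
        ctx = context.split(":", 3)  # user:role:type:range, range keeps its colons
        if len(ctx) != 4:
            raise ValueError(f"line {lineno}: context lacks an MLS range: {raw!r}")
        records.append(NodeCon(proto, addr, mask, *ctx))
    return records

def leftover_nodes(text, allowed=()):
    """Return records whose address is not in `allowed` (hypothetical allow-list)."""
    return [r for r in parse_nodes_local(text) if r.addr not in set(allowed)]

# Content copied from the nodes.local listing in the report above.
REPORTED = """\
# This file is auto-generated by libsemanage
# Please use the semanage command to make changes
nodecon ipv4 169.254.0.2 255.255.255.0 system_u:object_r:compat_ipv4_node_t:s0-s15:c0.c1023
"""

if __name__ == "__main__":
    for rec in leftover_nodes(REPORTED):
        print(f"leftover node record: {rec.addr}/{rec.mask} {rec.setype} {rec.mls_range}")
```

A test harness can call `leftover_nodes()` on the file's content after teardown and fail the run when the list is not empty.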