Bug 489922 - semanage could have a switch not to complain when port value is already set
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: policycoreutils
Version: 5.3
Hardware: All Linux
Priority: low, Severity: low
Assigned To: Miroslav Grepl
QA Contact: BaseOS QE
Blocks: 530353
Reported: 2009-03-12 11:17 EDT by Jan Pazdziora
Modified: 2011-05-17 03:01 EDT
Doc Type: Bug Fix
Clone Of:
: 530353 (view as bug list)
Last Closed: 2009-12-18 13:56:11 EST
Description Jan Pazdziora 2009-03-12 11:17:15 EDT
Description of problem:

If you run for example

/usr/sbin/semanage port -a -t jabber_interserver_port_t -p tcp 5347

semanage will complain

/usr/sbin/semanage: Port tcp/5347 already defined

on stderr if that value is already defined. But if I run /usr/sbin/semanage port -a, I just want the port value to be set and I do not really care that it's been already there. If it was, even better, no work to be done.

Thus, /usr/sbin/semanage could use a switch to silence that error message.

Alternatively, /usr/sbin/semanage could be made silent by default and have a switch to turn the error message on.

Version-Release number of selected component (if applicable):

# rpm -qf /usr/sbin/semanage
policycoreutils-1.33.12-14.2.el5

How reproducible:

Deterministic.

Steps to Reproduce:
1. Run /usr/sbin/semanage port -a -t jabber_interserver_port_t -p tcp 5347 or similar command.
2. Run /usr/sbin/semanage port -a -t jabber_interserver_port_t -p tcp 5347 again.
  
Actual results:

/usr/sbin/semanage: Port tcp/5347 already defined
and there is no way to silence this error. I tried using grep -v but I get

type=AVC msg=audit(1235487991.186:887): avc:  denied  { write } for  pid=19471 comm="setfiles" path="pipe:[103953]" dev=pipefs ino=103953 scontext=root:system_r:setfiles_t:s0-s0:c0.c1023 tcontext=root:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=fifo_file
type=AVC msg=audit(1235487991.186:887): avc:  denied  { write } for  pid=19471 comm="setfiles" path="pipe:[103953]" dev=pipefs ino=103953 scontext=root:system_r:setfiles_t:s0-s0:c0.c1023 tcontext=root:system_r:rpm_script_t:s0-s0:c0.c1023 tclass=fifo_file

when I do that in rpm's %post.

Expected results:

Have an easy way of turning that error message off.

Additional info:
Comment 1 Daniel Walsh 2009-03-24 10:48:30 EDT
I want to move this to 5.5 since we don't have this in Rawhide yet and it.
Comment 3 Daniel Walsh 2009-10-28 08:59:05 EDT
Why not just add the following to your script?

# Add the port only if it is not already listed for this type
/usr/sbin/semanage port -l | grep '^jabber_interserver_port_t.*tcp.*5347' > /dev/null
if [ $? -ne 0 ]; then
 /usr/sbin/semanage port -a -t jabber_interserver_port_t -p tcp 5347
fi
Comment 4 Jan Pazdziora 2009-10-28 11:52:39 EDT
Oh, I could definitely do that. I just felt that if semanage was able to do it directly, it would decrease the race condition when the value is deleted between those two semanage invocations, plus the scripts calling semanage might be a bit simpler (one line instead of circa four).

So it's just about making it easier for callers, not adding functionality which would not be available otherwise.
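
An add-first alternative to the list-then-add workaround discussed in comments 3 and 4, as an added example that is not part of the bug thread or of policycoreutils. It assumes the error text quoted in the report and the type / protocol / port-list row layout of `semanage port -l`; `ensure_port`, `port_has_type` and the `SEMANAGE` variable are hypothetical names.

```shell
#!/bin/sh
# Added example: idempotent "semanage port -a" that still checks the label.
# SEMANAGE is an assumed override hook, used here only so the wrapper can be
# exercised with a stub where the SELinux tools are not installed.
SEMANAGE="${SEMANAGE:-/usr/sbin/semanage}"

# port_has_type TYPE PROTO PORT
# Exact match against "semanage port -l" rows (type, proto, "n, n-m, ..."),
# so 5347 does not match 15347 the way a loose "tcp.*5347" regex would.
port_has_type() {
    "$SEMANAGE" port -l | awk -v t="$1" -v p="$2" -v n="$3" '
        $1 == t && $2 == p {
            for (i = 3; i <= NF; i++) {
                f = $i; sub(/,$/, "", f)
                split(f, r, "-")
                lo = r[1] + 0; hi = (r[2] == "" ? lo : r[2] + 0)
                if (n + 0 >= lo && n + 0 <= hi) found = 1
            }
        }
        END { exit !found }'
}

# ensure_port TYPE PROTO PORT
# 0: port carries TYPE (added now or already there); 2: already defined under
# another type; otherwise semanage's own exit status, with its message passed on.
ensure_port() {
    rc=0
    # Add first rather than list-then-add, so no gap separates check and add.
    err=$("$SEMANAGE" port -a -t "$1" -p "$2" "$3" 2>&1 >/dev/null) || rc=$?
    if [ "$rc" -eq 0 ]; then return 0; fi
    case $err in
        *"Port $2/$3 already defined"*)
            # Swallow the duplicate error only when the existing label matches.
            if port_has_type "$1" "$2" "$3"; then return 0; fi
            echo "ensure_port: $2/$3 is defined, but not as $1" >&2
            return 2 ;;
    esac
    printf '%s\n' "$err" >&2
    return "$rc"
}
```

Exit status 2 separates "already defined under a different type" from "already set as requested", a distinction that simply silencing the error message would hide.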
