Description of problem:

Version-Release number of selected component (if applicable):
policycoreutils-python-2.0.83-19.1.el6.x86_64
policycoreutils-2.0.83-19.1.el6.x86_64

How reproducible:
always

Steps to Reproduce:
# semanage permissive -l | grep fenced
# semanage permissive -a fenced_t
# semanage permissive -l | grep fenced
fenced_t
# semanage permissive -d fenced
# echo $?
0
# semanage permissive -l | grep fenced
#

Actual results:
* no error message
* exit code = 0
* fenced_t is removed from the list of permissive domains

Expected results:
* error message appears
* exit code > 0
* fenced_t is still present in the list of permissive domains
This request was evaluated by Red Hat Product Management for inclusion in the current release of Red Hat Enterprise Linux. Because the affected component is not scheduled to be updated in the current release, Red Hat is unfortunately unable to address this request at this time. Red Hat invites you to ask your support representative to propose this request, if appropriate and relevant, in the next release of Red Hat Enterprise Linux. If you would like it considered as an exception in the current release, please ask your support representative.
The same happens when you use "semanage permissive -d" and any of these strings: "f", "fe", "fen", "fenc", "fence", "fenced_".
Another reproducer:

# semanage permissive -a ypbind_t
# semanage permissive -a ypserv_t
# semanage permissive -l | grep yp
Builtin Permissive Types
Customized Permissive Types
ypbind_t
ypserv_t
# semanage permissive -d yp
# semanage permissive -l | grep yp
Builtin Permissive Types
Customized Permissive Types
ypserv_t
#
Strange, I am not seeing this here.
Ok, I recreated it on my RHEL6 box. Seems to work correctly on F14. I am looking into it. This looks like a libsemanage problem.
Fixed in libsemanage-2.0.45-1.el6
I have a scratch build here that you can test https://brewweb.devel.redhat.com/taskinfo?taskID=3128494
Still the same.

# rpm -qa | grep -e libsemanage -e policycoreutils -e libselinux -e libsepol | sort
libselinux-2.0.94-3.el6.x86_64
libselinux-devel-2.0.94-3.el6.x86_64
libselinux-python-2.0.94-3.el6.x86_64
libselinux-utils-2.0.94-3.el6.x86_64
libsemanage-2.0.45-1.el6.x86_64
libsemanage-python-2.0.45-1.el6.x86_64
libsepol-2.0.41-3.el6.x86_64
libsepol-devel-2.0.41-3.el6.x86_64
policycoreutils-2.0.83-19.1.el6.x86_64
policycoreutils-python-2.0.83-19.1.el6.x86_64
#
# semanage permissive -l | grep fence
# semanage permissive -a fenced_t
# semanage permissive -l | grep fence
fenced_t
# semanage permissive -d fen
# echo $?
0
# semanage permissive -l | grep fence
#
Yes, it is still broken. I tried it yesterday and it seemed to work. But now I see it on Rawhide also. I believe the problem is in libsemanage.
This request was evaluated by Red Hat Product Management for inclusion in the current release of Red Hat Enterprise Linux. Because the affected component is not scheduled to be updated in the current release, Red Hat is unable to address this request at this time. Red Hat invites you to ask your support representative to propose this request, if appropriate, in the next release of Red Hat Enterprise Linux.
It seems to be fixed by https://github.com/SELinuxProject/selinux/commit/c9b09be4244f3c90cee19d9e3feca324f0e0e636
Red Hat Enterprise Linux version 6 is in the Production 2 phase of its lifetime and the fix for this bug is not trivial. Also, this bug doesn't meet the criteria for phase 2, i.e. only high severity issues will be fixed. Please see https://access.redhat.com/support/policy/updates/errata/ for further information.
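Added example (not part of the bug report and not code from policycoreutils or libsemanage): a shell guard for systems still running an affected build, which passes a name to "semanage permissive -d" only when it exactly matches one customized permissive type, so that a partial name such as "yp" or "fen" is rejected instead of silently removing a domain. The function names and the sample listing are constructed for illustration, and the listing layout is assumed from the output shown in the reproducers above.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of policycoreutils.

# Print the types listed under "Customized Permissive Types" from
# `semanage permissive -l` output on stdin (layout assumed from the report).
customized_permissive() {
    awk '
        /^Customized Permissive Types/ { in_custom = 1; next }
        /^Builtin Permissive Types/    { in_custom = 0; next }
        in_custom && NF                { print $1 }
    '
}

# check_delete_arg LISTING NAME
# Succeeds only when NAME is exactly one customized permissive type.
# Otherwise explains on stderr which types NAME is merely a prefix of.
check_delete_arg() {
    listing=$1
    name=$2
    [ -n "$name" ] || { echo "refusing: empty type name" >&2; return 1; }
    types=$(printf '%s\n' "$listing" | customized_permissive)
    if printf '%s\n' "$types" | grep -Fxq -- "$name"; then
        return 0
    fi
    matches=$(printf '%s\n' "$types" | awk -v p="$name" 'index($0, p) == 1')
    if [ -n "$matches" ]; then
        echo "refusing: '$name' is only a prefix of:" $matches >&2
    else
        echo "refusing: '$name' is not a customized permissive type" >&2
    fi
    return 1
}

# Guard in front of the real command: delete only on an exact match.
safe_permissive_delete() {
    check_delete_arg "$(semanage permissive -l)" "$1" &&
        semanage permissive -d "$1"
}

# Constructed sample listing, modelled on the second reproducer.
SAMPLE_LISTING='Builtin Permissive Types

Customized Permissive Types

ypbind_t
ypserv_t'
```

Only safe_permissive_delete calls the real semanage command; check_delete_arg can be exercised against a saved listing without touching the policy store.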