Description of problem:
"semanage fcontext -l -C" displays nothing if only local fcontext equivalence rules are defined. If a local fcontext type rule is also defined, then "semanage fcontext -l -C" displays both the local fcontext type rules and local fcontext equivalence rules. "semanage fcontext -l" displays all in all cases.

Version-Release number of selected component (if applicable):
policycoreutils-2.1.4-10.fc16.x86_64
selinux-policy-targeted-3.10.0-56.fc16.noarch

How reproducible:
Always.

Steps to Reproduce:
1. Ensure that no local fcontext rules are defined:
   semanage fcontext -l -C
   semanage fcontext -l | tail -20
   The first should display nothing, the second must not contain a section with local rules.
2. Add a local fcontext equivalence rule:
   semanage fcontext -a -e /var/lib/mysql /fs/database/mysql
3. Check the result:
   semanage fcontext -l -C
   semanage fcontext -l | tail -20
   The first command displays nothing (this is the error). But it should display the rule entered above, like this:
   SELinux Local fcontext Equivalence
   /fs/database/mysql = /var/lib/mysql
4. Add a local fcontext type rule:
   semanage fcontext -a -t var_lib_t /fs/database
5. Check the result:
   semanage fcontext -l -C
   semanage fcontext -l | tail -20
   Now the first command displays all local fcontext rules (as it should):
   SELinux-fcontext    Typ          Inhalt
   /fs/database        all files    system_u:object_r:var_lib_t:s0
   SELinux Local fcontext Equivalence
   /fs/database/mysql = /var/lib/mysql
6. Remove the fcontext equivalence rule:
   semanage fcontext -d -e /var/lib/mysql /fs/database/mysql
7. Check the result:
   semanage fcontext -l -C
   semanage fcontext -l | tail -20
   Now the first command still displays the fcontext type rule, which is right:
   SELinux-fcontext    Typ          Inhalt
   /fs/database        all files    system_u:object_r:var_lib_t:s0
8. Remove the fcontext type rule (to clean up):
   semanage fcontext -d -t var_lib_t /fs/database

Actual results:
"semanage fcontext -l -C" only displays something if a local fcontext type rule is defined.

Expected results:
"semanage fcontext -l -C" displays something if a local fcontext type rule or a local equivalence rule is defined.

Additional info:
This error seems to be new in Fedora 16. In previous Fedora versions "semanage fcontext -l -C" always displayed all local rules.
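A check for the behaviour reported above, as an added example that is not part of the original report or of policycoreutils: it pulls the local equivalence section out of the full "semanage fcontext -l" listing and reports any rule that the "-l -C" listing omits. The function names and the sample listing are constructed for illustration; the section header is taken from the output quoted in the report and is assumed to be printed verbatim.

```shell
#!/bin/sh
# Added example, not from the bug report or from policycoreutils.
# Section header as it appears in the report's output (assumed verbatim).
EQ_HEADER='SELinux Local fcontext Equivalence'

# Constructed sample: tail of a full "semanage fcontext -l" listing,
# built from the lines quoted in the report.
SAMPLE_FULL='/fs/database    all files    system_u:object_r:var_lib_t:s0
SELinux Local fcontext Equivalence
/fs/database/mysql = /var/lib/mysql'

# local_equiv: read semanage listing output on stdin and print the
# "path = target" lines of the local equivalence section only.
local_equiv() {
    awk -v hdr="$EQ_HEADER" '
        { sub(/[ \t\r]+$/, "") }                 # ignore trailing whitespace
        $0 == hdr            { in_sec = 1; next } # section begins after header
        in_sec && /^SELinux/ { in_sec = 0 }       # any other header ends it
        in_sec && / = /      { print }
    '
}

# missing_from_custom FULL CUSTOM
#   FULL:   output of "semanage fcontext -l"
#   CUSTOM: output of "semanage fcontext -l -C"
# Prints equivalence rules present in FULL but absent from CUSTOM and
# returns 1 if there are any; returns 0 when the two listings agree.
missing_from_custom() {
    full_rules=$(printf '%s\n' "$1" | local_equiv)
    cust_rules=$(printf '%s\n' "$2" | local_equiv)
    if [ -z "$full_rules" ]; then
        return 0                                  # no local equivalence rules
    fi
    # -F fixed strings, -x whole line, -v keep lines not found in CUSTOM
    if missing=$(printf '%s\n' "$full_rules" | grep -Fxv -e "$cust_rules"); then
        printf '%s\n' "$missing"
        return 1
    fi
    return 0
}

# On a live system (needs root), the call would be:
#   missing_from_custom "$(semanage fcontext -l)" "$(semanage fcontext -l -C)"
```

A non-zero return after step 3 of the reproduction reproduces the reported state: the rule exists in the full listing but the "-C" listing is silent about it.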
Fixed in policycoreutils-2.1.4-11.fc16
policycoreutils-2.1.4-12.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/policycoreutils-2.1.4-12.fc16
Package policycoreutils-2.1.4-12.fc16:
* should fix your issue,
* was pushed to the Fedora 16 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing policycoreutils-2.1.4-12.fc16'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2011-16658/policycoreutils-2.1.4-12.fc16
then log in and leave karma (feedback).
policycoreutils-2.1.4-12.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.