Red Hat Bugzilla – Bug 806220
list of permissive domains is not empty after disabling permissivedomains module
Last modified: 2012-06-20 08:32:29 EDT
Description of problem:
Version-Release number of selected component (if applicable):
Steps to Reproduce:
SELinux status: enabled
SELinuxfs mount: /selinux
Current mode: enforcing
Mode from config file: enforcing
Policy version: 24
Policy from config file: targeted
# semodule -d permissivedomains
# semodule -l | grep permissivedomains
permissivedomains 1.0.0 Disabled
# semanage permissive -l
Builtin Permissive Types
* the list is not empty
* the list is empty
Yes, there was a bug which I fixed. Easy fix.
Fixed in selinux-policy-3.7.19-144.el6
Is that something we ship? Disabling the permissivedomains here will only disable the ones that we ship. If a user creates a permissive domain or adds one using
semanage permissive -a bcfg2_t
Then disabling the permissivedomain.pp file will have no effect.
We don't ship this policy in RHEL6.3.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.