Hi all,

A user reported this bug and figured out how to reproduce it:
https://bugs.gentoo.org/558686

I am able to reproduce it on different systems, also in permissive mode, so it can't be a policy issue.

To reproduce, do the following:

To start off, everything is fine. All the other fcontext have no issues, and it happens for all strict/mcs/mls.

# ls -al /etc/selinux/mls/contexts/files/file_contexts.homedirs*
-rw-r--r--. 1 root root 2981 Sep 3 09:47 /etc/selinux/mls/contexts/files/file_contexts.homedirs
-rw-r--r--. 1 root root 11493 Sep 3 09:47 /etc/selinux/mls/contexts/files/file_contexts.homedirs.bin

The boolean here is unimportant, so is on/off. I also tried using semanage boolean -m and the effect is the same. The -P is important, without the -P there is no problem.

# setsebool -P user_ping off

Note the file sizes after the boolean is set.

# ls -al /etc/selinux/mls/contexts/files/file_contexts.homedirs*
-rw-r--r--. 1 root root 0 Sep 3 09:48 /etc/selinux/mls/contexts/files/file_contexts.homedirs
-rw-r--r--. 1 root root 35 Sep 3 09:48 /etc/selinux/mls/contexts/files/file_contexts.homedirs.bin

The workaround is to just always rebuild the policy after booleans are set.

# semodule -B
# ls -al /etc/selinux/mls/contexts/files/file_contexts.homedirs*
-rw-r--r--. 1 root root 2981 Sep 3 09:49 /etc/selinux/mls/contexts/files/file_contexts.homedirs
-rw-r--r--. 1 root root 11493 Sep 3 09:49 /etc/selinux/mls/contexts/files/file_contexts.homedirs.bin

There is an strace excerpt in comment 8 in the Gentoo bug.

Does anyone have the fix for this? I looked through the setsebool code and looks like it's a problem in libsemanage but I did not look much further.

-- 
Jason
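
A check for the truncation reported in the message above, written as an added example that is not part of the original post or of any SELinux tool. It records the size of file_contexts.homedirs, runs setsebool -P, and applies the semodule -B workaround only if the file was emptied. The function names and the SETSEBOOL/SEMODULE override variables are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original post). Function names and the
# SETSEBOOL/SEMODULE override variables are hypothetical.

SETSEBOOL=${SETSEBOOL:-setsebool}
SEMODULE=${SEMODULE:-semodule}

# Print the size in bytes of DIR/file_contexts.homedirs, or -1 if absent.
fc_size() {
    if [ -f "$1/file_contexts.homedirs" ]; then
        wc -c < "$1/file_contexts.homedirs" | tr -d ' '
    else
        echo -1
    fi
}

# Usage: fc_state DIR SIZE_BEFORE
# Prints "truncated" when a previously non-empty file is now empty,
# "missing" when the file is gone, otherwise "ok".
fc_state() {
    _now=$(fc_size "$1")
    if [ "$_now" -lt 0 ]; then
        echo missing
    elif [ "$2" -gt 0 ] && [ "$_now" -eq 0 ]; then
        echo truncated
    else
        echo ok
    fi
}

# Usage: setsebool_checked DIR BOOLEAN VALUE
# DIR is the contexts/files directory of the active policy store, e.g.
# /etc/selinux/mls/contexts/files as in the post.
setsebool_checked() {
    dir=$1; shift
    before=$(fc_size "$dir")
    "$SETSEBOOL" -P "$@" || return 1
    state=$(fc_state "$dir" "$before")
    if [ "$state" != ok ]; then
        echo "file_contexts.homedirs $state after setsebool -P, rebuilding" >&2
        "$SEMODULE" -B || return 1          # workaround from the post
        state=$(fc_state "$dir" "$before")
    fi
    [ "$state" = ok ]
}
```

Example call, as root: setsebool_checked /etc/selinux/mls/contexts/files user_ping off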