On Thu, 2017-02-02 at 13:34 -0500, Stephen Smalley wrote:
> On Thu, 2017-02-02 at 18:22 +0100, Vit Mojzis wrote:
> > Hi list,
> > we have a report about a possible regression in "semanage user" and
> > I'd like to hear your opinion on what the correct behaviour should be.
> >
> > Given that local changes have been made to a SELinux user definition
> > (originally defined in policy)
> > e.g. # semanage user -m staff_u -r "s0"
> > and the SELinux user is mapped to some Linux user
> > # semanage login -a -s staff_u staff
> > both
> > # semanage user -d staff_u
> > and
> > # semanage user --deleteall
> > will fail to remove the local change with the following message:
> > "libsemanage.lookup_seuser: staff_u is being used by staff login
> > record (Invalid argument)."
> >
> > Is this the intended behaviour?
> >
> > I would assume that this error message was intended only for locally
> > defined SELinux users (in which case "semanage user -d selinux_user"
> > would remove the only definition of "selinux_user"). If so, is there
> > any way to determine if a SELinux user has been defined only locally
> > (as opposed to being defined in policy) after some local changes have
> > been made?
>
> This appears to work correctly for me with release 20161014 (2.6); the
> two delete commands you specified above succeeded and the entry was
> removed. What version are you using?

Never mind, my mistake. I can reproduce it.

_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.