When "store" is set, sepolicy needs to load a new policy file and selinux module needs to set the new store root path. With this patch, semanage is able to work correctly with non-default -S <store> even when the default policy is not installed yet. Fixes: $ sudo semanage login -S minimum -m -s unconfined_u -r s0-s0:c0.c1023 __default__ libsemanage.dbase_llist_query: could not query record value OSError: [Errno 0] Error Related: https://bugzilla.redhat.com/show_bug.cgi?id=1558861 Signed-off-by: Petr Lautrbach <plautrba@xxxxxxxxxx> --- python/semanage/seobject.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py index 2b43b65c..7b9c68b1 100644 --- a/python/semanage/seobject.py +++ b/python/semanage/seobject.py @@ -260,6 +260,8 @@ class semanageRecords: if self.store == "" or self.store == localstore: self.mylog = logger() else: + sepolicy.load_store_policy(self.store) + selinux.selinux_set_policy_root("%s%s" % (selinux.selinux_path(), self.store)) self.mylog = nulllogger() def set_reload(self, load): -- 2.20.1
