When "store" is set, sepolicy needs to load a new policy file and selinux module needs to set the new store root path. With this patch, semanage is able to work correctly with non-default -S <store> even when the default policy is not installed yet. Fixes: $ sudo semanage login -S minimum -m -s unconfined_u -r s0-s0:c0.c1023 __default__ libsemanage.dbase_llist_query: could not query record value OSError: [Errno 0] Error Related: https://bugzilla.redhat.com/show_bug.cgi?id=1558861 Signed-off-by: Petr Lautrbach <plautrba@xxxxxxxxxx> --- python/semanage/seobject.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/python/semanage/seobject.py b/python/semanage/seobject.py index 4490e03f..556d3ba5 100644 --- a/python/semanage/seobject.py +++ b/python/semanage/seobject.py @@ -260,6 +260,8 @@ class semanageRecords: if self.store == "" or self.store == localstore: self.mylog = logger() else: + sepolicy.load_store_policy(self.store) + selinux.selinux_set_policy_root("%s%s" % (selinux.selinux_path(), self.store)) self.mylog = nulllogger() def set_reload(self, load): @@ -1329,7 +1331,7 @@ class ibpkeyRecords(semanageRecords): def __init__(self, args = None): semanageRecords.__init__(self, args) try: - q = setools.TypeQuery(setools.SELinuxPolicy(sepolicy.get_installed_policy()), attrs=["ibpkey_type"]) + q = setools.TypeQuery(setools.SELinuxPolicy(sepolicy.get_store_policy(self.store)), attrs=["ibpkey_type"]) self.valid_types = sorted(str(t) for t in q.results()) except: pass @@ -1589,7 +1591,7 @@ class ibendportRecords(semanageRecords): def __init__(self, args = None): semanageRecords.__init__(self, args) try: - q = setools.TypeQuery(setools.SELinuxPolicy(sepolicy.get_installed_policy()), attrs=["ibendport_type"]) + q = setools.TypeQuery(setools.SELinuxPolicy(sepolicy.get_store_policy(self.store)), attrs=["ibendport_type"]) self.valid_types = set(str(t) for t in q.results()) except: pass -- 2.20.1
