-
Bug
-
Resolution: Done-Errata
-
Minor
-
rhel-9.1.0
-
policycoreutils-3.6-2.1.el9
-
None
-
Low
-
1
-
rhel-sst-security-selinux
-
ssg_security
-
26
-
5
-
QE ack
-
False
-
-
No
-
CY24Q1
-
If docs needed, set a value
-
-
All
-
None
Description of problem:
Semanage export always uses a (add) even in cases where -m (-modify) needs to be used (modifying record specified in policy).
Reproducible for "semange login" and "semanage fcontext" (and maybe others).
Version-Release number of selected component (if applicable):
policycoreutils-
Steps to Reproduce:
- semanage login -m -s unconfined_u -r s0-s0:c0.c1023 _default_
- semanage export -f /tmp/exp
- semanage login -D
- semanage import -f /tmp/exp
ValueError: Login mapping for _default_ is already defined
Alternative reproducer:
- semanage fcontext -m -t boot_t "/xen(/.*)?"
- semanage export -f /tmp/exp
- semanage fcontext -D
- semanage import -f /tmp/exp
ValueError: File context for /xen(/.*)? already defined
Actual results:
The login/fcontext mapping gets removed by semanage import.
Expected results:
The login/fcontext mapping is removed and re-add by semanage import (semanage login -D, semanage login -m -s unconfined_u -r s0-s0:c0.c1023 _default_).
- external trackers
- links to
-
RHBA-2023:123965
policycoreutils bug fix and enhancement update
- mentioned on
