39 Comments

@stevestorey,

TCP port 1234 is defined as monopd_port_t, and the commit for this has been in the repo since 2005-09-13, so you cannot use -a in semanage because it's already defined.

lvrabec@lvrabec-workstation ~ » rpm -q selinux-policy
selinux-policy-3.13.1-283.24.fc27.noarch
lvrabec@lvrabec-workstation ~ » sudo semanage port -m -t ssh_port_t -p tcp 1234 1 ↵
lvrabec@lvrabec-workstation ~ » sudo semanage port -l | grep 1234
monopd_port_t tcp 1234
ssh_port_t tcp 1234, 22

After update...

lvrabec@lvrabec-workstation ~ » rpm -q selinux-policy
selinux-policy-3.13.1-283.26.fc27.noarch
lvrabec@lvrabec-workstation ~ » sudo semanage port -m -t ssh_port_t -p tcp 1234
lvrabec@lvrabec-workstation ~ » sudo semanage port -l | grep 1234
monopd_port_t tcp 1234
ssh_port_t tcp 1234, 22

It looks like you have some custom modifications on your system (e.g. systemdmodules-syscapability); you are stopped by a neverallow rule.

This is not an issue in the selinux-policy update but on your system.

Lukas.

I fixed some bugs related to selinux-policy from this thread and added a couple of new ones from Bugzilla.

Works for me.

@mlabbott .13.fc26 build fixing your issue.

Looks fine.

BZ#1484039 sealert -l ... complains about undefined symbol bswap_32 in _qpol.cpython

Kakoskin, your issues are fixed in BZ.

LGTM

Works for me

BZ#1329321 Suggests non working command when trimmed processes names are encountered
BZ#1329037 module name in troubleshoot instruction should be my_<command> instead of mypol

LGTM

Test Case OpenSSH

norenh, agreed, this was caused by incomplete back-porting from the rawhide branch. The new build selinux-policy-3.13.1-128.28.fc22 fixes this issue.

1286325 looks fine.

BZ#1286325 semanage permissive fails and reports valid domain types as "not a domain type"

1286325 looks fine.

BZ#1286325 semanage permissive fails and reports valid domain types as "not a domain type"
BZ#1264051 selinux-policy-targeted-3.13.1-128.13.fc22 breaks systemctl, and prevents reboot