- A new "noreload" option has been implemented for semanage commands in Red Hat Enterprise Linux 6.6. However, due to a missing reload initialization in the semanageRecords() function, users could not enable a Boolean directly using seobject python module coming from the policycoreutils-python utility. This bug has been fixed, and users can now set the Boolean correctly also using the seobject python module.
- An attempt to use the SELinux graphical utility to create a new SELinux policy with a name that contained the dash character ("_") failed with an error. The underlying source code has been modified to fix this bug and the error is no longer returned in the described scenario. As a result, it is possible to create SELinux policies with names containing "_".
- The "sandbox -M" command failed to start when the home directory was linked with a symbolic link. This bug has been fixed and sandbox now properly works with home directories linked with symbolic links.
- Certain option descriptions were missing from the sandbox(8) and restorecon(8) manual pages. The descriptions have been added to those manual pages.
- The "semanage fcontext -a -e [source_directory] [target_directory]" command sets the same SELinux file context for the target directory as the source directory has. When the user specified the name of the source directory with the trailing slash character ("/") at the end, the command failed to change the context. This update applies a patch to fix this bug and the command now works as expected.
- When running the "semanage permissive -a [type]" command with an incorrect domain type, an invalid .te file was generated and stored. Consequently, an attempt to execute the command again with the valid domain type failed because semanage tried to compile the previously generated invalid .te file. This bug has been fixed and semanage now works as expected.
- The semanage "-N" option was not supported and an error was returned when trying to use the option. This update adds the support for the "-N" option.
- The "fixfiles restore", "fixfiles check", and "fixfiles validate" commands can be executed with or without specifying a directory. Previously, when the aforementioned commands were run with no directory specified, they returned a non-zero value. This behavior is incorrect because no error was encountered. The underlying source code has been modified to fix this bug and the commands no longer return a non-zero value in the described scenario.
- Due to an incorrect handling of parameters in the setfiles code, the setfiles command did not check the legality of all given parameters. With this update, the code has been modified and setfiles now correctly checks the legality of the given parameters.
- When the setfiles utility was executed with a non-existent directory specified, the command was supposed to return an error message but it did not. The underlying source code has been modified to fix this bug and the command now properly returns the error message in the described scenario.
- This update removes the incorrectly working sandbox "-c" option.
- The setfiles "-d" option shows what specification matches each file. The setfiles "-q" option suppresses a non-error output. Previously, it was possible to specify both options in one setfiles command, even though the options were contrary to each other. With this update, the options have been marked as mutually exclusive. As a result, an attempt to execute them at once fails and an error message is returned.
- An attempt to run the semanage command with the "-i" argument specified failed with a traceback. The underlying source code has been modified to fix this bug and "semanage -i" now works as expected.