8.180. policycoreutils

Updated policycoreutils packages that fix one bug are now available for Red Hat Enterprise Linux 6.
The policycoreutils packages contain the core utilities that are required for the basic operation of a Security-Enhanced Linux (SELinux) system and its policies.

Bug Fix

BZ#1148800
A new "noreload" option has been implemented for semanage commands in Red Hat Enterprise Linux 6.6. However, due to a missing reload initialization in the semanageRecords() function, users could not enable a Boolean directly using the seobject Python module shipped with policycoreutils-python. This bug has been fixed, and users can now set the Boolean correctly using the seobject Python module as well.
Users of policycoreutils are advised to upgrade to these updated packages, which fix this bug.

Updated policycoreutils packages that fix several bugs are now available for Red Hat Enterprise Linux 6.
The policycoreutils packages contain the core utilities that are required for the basic operation of a Security-Enhanced Linux (SELinux) system and its policies.

Bug Fixes

BZ#885526
An attempt to use the SELinux graphical utility to create a new SELinux policy with a name that contained the dash character ("_") failed with an error. The underlying source code has been modified to fix this bug and the error is no longer returned in the described scenario. As a result, it is possible to create SELinux policies with names containing "_".
BZ#913175
The "sandbox -M" command failed to start when the home directory was linked with a symbolic link. This bug has been fixed and sandbox now works properly with home directories linked with symbolic links.
BZ#961805
Certain option descriptions were missing from the sandbox(8) and restorecon(8) manual pages. The descriptions have been added to those manual pages.
BZ#1002209
The "semanage fcontext -a -e [source_directory] [target_directory]" command sets the same SELinux file context for the target directory as the source directory has. When the user specified the name of the source directory with the trailing slash character ("/") at the end, the command failed to change the context. This update applies a patch to fix this bug and the command now works as expected.
BZ#1028202
When running the "semanage permissive -a [type]" command with an incorrect domain type, an invalid .te file was generated and stored. Consequently, an attempt to execute the command again with the valid domain type failed because semanage tried to compile the previously generated invalid .te file. This bug has been fixed and semanage now works as expected.
BZ#1032828
The semanage "-N" option was not supported and an error was returned when trying to use the option. This update adds support for the "-N" option.
BZ#1043969
The "fixfiles restore", "fixfiles check", and "fixfiles validate" commands can be executed with or without specifying a directory. Previously, when the aforementioned commands were run with no directory specified, they returned a non-zero value. This behavior is incorrect because no error was encountered. The underlying source code has been modified to fix this bug and the commands no longer return a non-zero value in the described scenario.
BZ#1086456
Due to incorrect handling of parameters in the setfiles code, the setfiles command did not check the legality of all given parameters. With this update, the code has been modified and setfiles now correctly checks the legality of the given parameters.
BZ#1086572
When the setfiles utility was executed with a non-existent directory specified, the command was supposed to return an error message but it did not. The underlying source code has been modified to fix this bug and the command now properly returns the error message in the described scenario.
BZ#1091139
This update removes the incorrectly working sandbox "-c" option.
BZ#1098062
The setfiles "-d" option shows what specification matches each file. The setfiles "-q" option suppresses non-error output. Previously, it was possible to specify both options in one setfiles command, even though the options were contrary to each other. With this update, the options have been marked as mutually exclusive. As a result, an attempt to use them together fails and an error message is returned.
BZ#1119726
An attempt to run the semanage command with the "-i" argument specified failed with a traceback. The underlying source code has been modified to fix this bug and "semanage -i" now works as expected.
Users of policycoreutils are advised to upgrade to these updated packages, which fix these bugs.
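
On systems that do not yet carry the BZ#1002209 fix, a script that calls "semanage fcontext -a -e" can strip trailing slashes from both directories before invoking the command. The following is an added example, not code from Red Hat or from policycoreutils; the function names normalize_dir, prepare_equiv and add_equiv and the variables EQ_SRC and EQ_DST are hypothetical, and the directories in the usage comment are constructed.

```shell
#!/bin/sh
# Added example, not Red Hat's code. Function and variable names are hypothetical;
# only the "semanage fcontext -a -e" invocation itself comes from the page.

# Strip trailing slashes from a path while leaving a bare "/" intact.
normalize_dir() {
    p=$1
    while [ "$p" != "/" ] && [ "${p%/}" != "$p" ]; do
        p=${p%/}
    done
    printf '%s\n' "$p"
}

# Validate and normalize both directories; results land in EQ_SRC and EQ_DST.
prepare_equiv() {
    [ "$#" -eq 2 ] || { echo "usage: prepare_equiv SOURCE TARGET" >&2; return 2; }
    EQ_SRC=$(normalize_dir "$1")
    EQ_DST=$(normalize_dir "$2")
    for d in "$EQ_SRC" "$EQ_DST"; do
        case $d in
            /*) ;;
            *) echo "not an absolute path: '$d'" >&2; return 1 ;;
        esac
    done
    if [ "$EQ_SRC" = "$EQ_DST" ]; then
        echo "source and target are the same directory: $EQ_SRC" >&2
        return 1
    fi
}

# Add the equivalence rule with normalized paths (requires root and semanage).
add_equiv() {
    prepare_equiv "$@" || return
    semanage fcontext -a -e "$EQ_SRC" "$EQ_DST"
}

# Constructed usage, left commented out so sourcing the file changes nothing:
# add_equiv /var/www/ /srv/www/
```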