Bug 233153 - LSPP: semanage not always removing entry from /etc/selinux/mls/modules/active/nodes.local
Summary: LSPP: semanage not always removing entry from /etc/selinux/mls/modules/active...
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: policycoreutils
Version: 5.0
Hardware: x86_64
OS: Linux
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Ben Levenson
Depends On:
Blocks: RHEL5LSPPCertTracker
Reported: 2007-03-20 18:03 UTC by Kylene J Hall
Modified: 2007-11-30 22:07 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2007-04-11 15:09:45 UTC
Target Upstream Version:


Description Kylene J Hall 2007-03-20 18:03:46 UTC
Description of problem:
Occasionally, my tests are blowing up and leaving tun devices around in semanage
interface -l.  When I remove the interface with `semanage interface -d tun#`,
where # is the number of the device left, the corresponding entry is not removed
from /etc/selinux/mls/modules/active/nodes.local; thus when I attempt to rerun I
am told the address already exists.

Version-Release number of selected component (if applicable):

[root/abat_r/SystemLow@xracer5 framework]# rpm -q kernel; rpm -q selinux-policy
[root/abat_r/SystemLow@xracer5 framework]# uname -a
Linux 2.6.18-8.1.1.el5.lspp.69 #1 SMP Mon Mar 19
14:50:21 EDT 2007 x86_64 x86_64 x86_64 GNU/Linux

How reproducible:

Steps to Reproduce:
1. Leave tun device around from testing
2. semanage interface -d <tun-device>
3. Look at /etc/selinux/mls/modules/active/nodes.local
Actual results:
Address remains

Expected results:
Address not expected to be there any more.

Additional info

 semanage interface -l
SELinux Interface              Context

lo                             system_u:object_r:lo_netif_t:s0-s15:c0.c1023
tun2                           system_u:object_r:tun_tap_device_t:s0-s15:c0.c1023
[root/abat_r/SystemLow@xracer5 framework]# cat
# This file is auto-generated by libsemanage
# Please use the semanage command to make changes

nodecon ipv4
[root/abat_r/SystemLow@xracer5 framework]# semanage interface -d tun2
[root/abat_r/SystemLow@xracer5 framework]# cat
# This file is auto-generated by libsemanage
# Please use the semanage command to make changes

nodecon ipv4
[root/abat_r/SystemLow@xracer5 framework]# rpm -qf `which semanage`

[root/abat_r/SystemLow@xracer5 framework]# ls -Z `which semanage`
-rwxr-xr-x  root root system_u:object_r:semanage_exec_t:SystemLow /usr/sbin/semanage
[root/abat_r/SystemLow@xracer5 framework]# ls -Z
-rw-r--r--  root root abat_u:object_r:selinux_config_t:SystemLow
[root/abat_r/SystemLow@xracer5 framework]# id
uid=0(root) gid=0(root)

Comment 1 Kylene J Hall 2007-03-21 20:10:49 UTC
I think this problem was related to this bug:

Comment 3 Daniel Walsh 2007-03-26 18:25:53 UTC
I am confused.

semanage interface -a 

creates an interfaces.local file not a nodes.local file?

Comment 4 George C. Wilson 2007-03-26 20:37:43 UTC
Please confirm that this bug report is accurate. What is nodes.local and where
did it come from? Please retry on 70 kernel.

Comment 5 George C. Wilson 2007-04-02 20:20:44 UTC
Loulwa and Joy looking at this one. Attempting to rerun test now. May be
testcase cleanup issue.

Comment 6 George C. Wilson 2007-04-09 20:36:17 UTC
Loulwa and Joy still looking. Not semanage. Call from libsemanage or libsepol -
semanage_node_create()? Testcase makes calls directly to libsemanage. Should be
able to manage nodes via semanage according to dwalsh.

Comment 7 Joy Latten 2007-04-11 14:58:02 UTC
Ok, this appears to no longer be a problem. Twice, I ran the testcases Kylie was
running on two x86_64 platforms with no problems. After the testcases completed,
there was an /etc/selinux/mls/modules/active/nodes.local file but it did not
contain any entries. Thus the entries were being removed successfully. 
I am using a more recent kernel and policy than Kylie was so perhaps the problem
has been fixed. 

Perhaps we can close this and if the problem occurs again we can always reopen.

Comment 8 Daniel Walsh 2007-04-11 15:09:45 UTC
I am updating semanage to handle nodes, but I think we should close this bug.
