@@ -260,6 +260,8 @@ class semanageRecords:
if self.store == "" or self.store == localstore:
self.mylog = logger()
else:
+ sepolicy.load_store_policy(self.store)
+ selinux.selinux_set_policy_root("%s%s" % (selinux.selinux_path(), self.store))
self.mylog = nulllogger()
def set_reload(self, load):
@@ -1329,7 +1331,7 @@ class ibpkeyRecords(semanageRecords):
def __init__(self, args = None):
semanageRecords.__init__(self, args)
try:
- q = setools.TypeQuery(setools.SELinuxPolicy(sepolicy.get_installed_policy()), attrs=["ibpkey_type"])
+ q = setools.TypeQuery(setools.SELinuxPolicy(sepolicy.get_store_policy(self.store)), attrs=["ibpkey_type"])
self.valid_types = sorted(str(t) for t in q.results())
except:
pass
@@ -1589,7 +1591,7 @@ class ibendportRecords(semanageRecords):
def __init__(self, args = None):
semanageRecords.__init__(self, args)
try:
- q = setools.TypeQuery(setools.SELinuxPolicy(sepolicy.get_installed_policy()), attrs=["ibendport_type"])
+ q = setools.TypeQuery(setools.SELinuxPolicy(sepolicy.get_store_policy(self.store)), attrs=["ibendport_type"])
self.valid_types = set(str(t) for t in q.results())
except:
pass
When "store" is set, sepolicy needs to load a new policy file and selinux module needs to set the new store root path. With this patch, semanage is able to work correctly with non-default -S <store> even when the default policy is not installed yet. Fixes: $ sudo semanage login -S minimum -m -s unconfined_u -r s0-s0:c0.c1023 __default__ libsemanage.dbase_llist_query: could not query record value OSError: [Errno 0] Error Related: https://bugzilla.redhat.com/show_bug.cgi?id=1558861 Signed-off-by: Petr Lautrbach <plautrba@redhat.com> --- python/semanage/seobject.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-)