Issue #11674 has been updated by Oliver Hookins. Status changed from Investigating to Needs Decision
The underlying problem is that getsebool only reads the memory value and not the policy file value. So the policy value (i.e. the persistent value) goes untouched if it differs from the value in memory if that value is correct even if persistent is set to true. Not sure if that makes a whole lot of sense, but without a way to check both the memory value and policy value on disk (i.e. a utility from the SELinux system, or integration with SELinux libraries), then we must assume an inconsistent state in the policy file at all times and call setsebool -P X=Y whenever the persistent attribute is true. This is a change in behaviour and the code has not changed between 2.7.9 and master so I assume it has not yet been fixed. ---------------------------------------- Bug #11674: selboolean persistent doesn't seem to work https://projects.puppetlabs.com/issues/11674 Author: Bill Tong Status: Needs Decision Priority: Normal Assignee: Category: SELinux Target version: Affected Puppet version: 2.7.9 Keywords: Branch: If I toggle selboolean's persistent => 'true' to 'false' and back again I get no change logged. -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
