Open golmaal opened 4 years ago
@golmaal Thanks for the report. Looks like the output from the restorecon
command has changed and we need to detect and handle the new output in the module.
@garethgreenaway Can you update the labels of this issue given the status of the PR?
Description of Issue
I get an exception as following when applying the policy (created with name=/var/www/html/repo/(.*)? and sel_type=httpd_sys_content_t) as following:
I tracked it down to my policycoreutils RPM policycoreutils-2.9-3.el8_1.1.x86_64. The command run by /usr/lib/python3.6/site-packages/salt/modules/selinux.py (https://github.com/saltstack/salt/blob/9adc2214c3bb7c68f820f7bd5fe5e132b7b3fbc9/salt/modules/selinux.py#L719)
restorecon -v -F -R /var/www/html/repo/
returns 'Relabeled /var/www/html/repo/index.html from unconfined_u:object_r:var_t:s0 to system_u:object_r:httpd_sys_content_t:s0' instead of 'restorecon reset...' as expected by fcontext_apply_policy method in selinux.py execution module...Thoughts
This issue can be fixed by initialing the changes dictionary unconditionally on line 720 in modules/selinux.py file. However, to get the correct list of new/old, pattern would need to be updated anyway.
Steps to Reproduce Issue
On CentOS 8 -
On CentOS 7 -
Versions Report