selinux.port_policy_present state can add but not modify #55687

Closed
knine opened this issue Dec 17, 2019 · 2 comments
Labels
Abandoned Bug broken, incorrect, or confusing behavior help-wanted Community help is needed to resolve this severity-low 4th level, cosemtic problems, work around exists

knine commented Dec 17, 2019

Description of Issue

The selinux.port_policy_present state does not modify SELinux Manage Policy if needed; it only adds (or deletes, when using selinux.port_policy_absent) the SELinux port.

Setup

Two example states for selinux.port_policy_present:

'Add Port 8000 To SELinux Port Policy':
  selinux.port_policy_present:
    - name: example1
    - protocol: tcp
    - port: 8000
    - sel_type: http_port_t
'Add Port 8007 To SELinux Port Policy':
  selinux.port_policy_present:
    - name: example2
    - protocol: tcp
    - port: 8007
    - sel_type: http_port_t

Steps to Reproduce Issue

Applying the states results in:

          ID: Add Port 8000 To SELinux Port Policy
    Function: selinux.port_policy_present
        Name: example1
      Result: False
     Comment: Error adding new policy: {u'pid': 36419, u'retcode': 1, u'stderr': u'ValueError: Port tcp/8000 already defined', u'stdout': u''}
     Started: 14:31:03.330186
    Duration: 522.656 ms
     Changes: 
          ID: Add Port 8000 To SELinux Port Policy
    Function: selinux.port_policy_present
        Name: example2
      Result: True
     Comment: 
     Started: 14:31:38.357825
    Duration: 2997.401 ms
     Changes:   
              ----------
              new:
                  ----------
                  port:
                      8007, 80, 81, 443, 488, 8008, 8009, 8443, 9000
                  protocol:
                      tcp
                  sel_type:
                      http_port_t
              old:
                  None

Inspecting the system prior to applying the highstate:

# semanage port -l | grep 8000
soundd_port_t                  tcp      8000, 9433, 16001
# semanage port -l | grep 8007
<no output>

Running the system commands by hand:

# semanage port --add --proto tcp 8000 -t http_port_t
ValueError: Port tcp/8000 already defined
# semanage port --modify --proto tcp 8000 -t http_port_t
# semanage port -l | grep http_port_t
http_port_t                    tcp      8000, 80, 81, 443, 488, 8008, 8009, 8443, 9000

After running the semanage port command by hand with the --modify option, the highstate for port 8000 is true.

Versions Report

Master:

Salt Version:
           Salt: 2019.2.2
 
Dependency Versions:
           cffi: Not Installed
       cherrypy: Not Installed
       dateutil: 1.5
      docker-py: Not Installed
          gitdb: Not Installed
      gitpython: Not Installed
          ioflo: Not Installed
         Jinja2: 2.7.2
        libgit2: Not Installed
        libnacl: Not Installed
       M2Crypto: 0.31.0
           Mako: Not Installed
   msgpack-pure: Not Installed
 msgpack-python: 0.5.6
   mysql-python: Not Installed
      pycparser: Not Installed
       pycrypto: 2.6.1
   pycryptodome: Not Installed
         pygit2: Not Installed
         Python: 2.7.5 (default, Jun 11 2019, 14:33:56)
   python-gnupg: Not Installed
         PyYAML: 3.11
          PyZMQ: 15.3.0
           RAET: Not Installed
          smmap: Not Installed
        timelib: Not Installed
        Tornado: 4.2.1
            ZMQ: 4.1.4
 
System Versions:
           dist: redhat 7.7 Maipo
         locale: UTF-8
        machine: x86_64
        release: 3.10.0-1062.el7.x86_64
         system: Linux
        version: Red Hat Enterprise Linux Server 7.7 Maipo

Minion:

Salt Version:
           Salt: 2019.2.2
 
Dependency Versions:
           cffi: Not Installed
       cherrypy: Not Installed
       dateutil: 1.5
      docker-py: Not Installed
          gitdb: Not Installed
      gitpython: Not Installed
          ioflo: Not Installed
         Jinja2: 2.7.2
        libgit2: Not Installed
        libnacl: Not Installed
       M2Crypto: 0.31.0
           Mako: Not Installed
   msgpack-pure: Not Installed
 msgpack-python: 0.5.6
   mysql-python: Not Installed
      pycparser: Not Installed
       pycrypto: 2.6.1
   pycryptodome: Not Installed
         pygit2: Not Installed
         Python: 2.7.5 (default, Sep 12 2018, 05:31:16)
   python-gnupg: Not Installed
         PyYAML: 3.11
          PyZMQ: 15.3.0
           RAET: Not Installed
          smmap: Not Installed
        timelib: Not Installed
        Tornado: 4.2.1
            ZMQ: 4.1.4
 
System Versions:
           dist: redhat 7.6 Maipo
         locale: UTF-8
        machine: x86_64
        release: 3.10.0-957.el7.x86_64
         system: Linux
        version: Red Hat Enterprise Linux Server 7.6 Maipo

(Provided by running salt --versions-report. Please also mention any differences in master/minion versions.)
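
The add-versus-modify decision this issue asks for, as an added Python example that is not Salt's code and not part of the original thread: it parses `semanage port -l` output and picks `--add`, `--modify` or no action. The function names and the sample listing are constructed here, and it assumes, as the transcript above shows for tcp/8000, that an exact port record under another type is what makes `--add` fail.

```python
import re

# Constructed sample modelled on the `semanage port -l` lines quoted in the issue;
# the unreserved_port_t range line is added to show that range coverage is ignored.
SAMPLE_LISTING = """\
SELinux Port Type              Proto    Port Number

http_port_t                    tcp      80, 81, 443, 488, 8008, 8009, 8443, 9000
soundd_port_t                  tcp      8000, 9433, 16001
unreserved_port_t              tcp      61001-65535, 1024-32767
"""

LINE_RE = re.compile(r"^(\S+_t)\s+(tcp|udp|dccp|sctp)\s+(.+)$")


def parse_port_listing(text):
    """Map (protocol, port-or-range string) -> set of SELinux types."""
    records = {}
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # header, blank line, or unrelated output
        sel_type, proto, ports = match.groups()
        for spec in ports.split(","):
            records.setdefault((proto, spec.strip()), set()).add(sel_type)
    return records


def plan_semanage_action(listing, protocol, port, sel_type):
    """Return (action, argv); action is 'none', 'add' or 'modify'."""
    existing = parse_port_listing(listing).get((protocol, str(port)), set())
    if sel_type in existing:
        return "none", []  # already labelled as requested
    # An exact record under another type makes --add fail with
    # "already defined", so switch to --modify in that case.
    action = "modify" if existing else "add"
    argv = ["semanage", "port", "--" + action, "--proto", protocol,
            str(port), "-t", sel_type]
    return action, argv


if __name__ == "__main__":
    for port in (8000, 8007, 443):
        print(port, plan_semanage_action(SAMPLE_LISTING, "tcp", port, "http_port_t"))
```

Port 8007 falls inside the constructed `1024-32767` range but has no record of its own, so the plan is `--add`, matching the successful run reported above.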

Ch3LL commented Jan 13, 2020

Looks like that state needs to have the ability added to edit a policy as well and not just add. Thanks.

@Ch3LL Ch3LL added Bug broken, incorrect, or confusing behavior severity-low 4th level, cosemtic problems, work around exists P4 Priority 4 and removed needs-triage labels Jan 13, 2020
@Ch3LL Ch3LL added this to the Approved milestone Jan 13, 2020
@sagetherage sagetherage removed the P4 Priority 4 label Jun 3, 2020
@dwoz dwoz modified the milestones: Approved, Chlorine v3007.0 Dec 16, 2023
dwoz added a commit to driskell/salt that referenced this issue Dec 16, 2023
dwoz commented Dec 16, 2023

Closing this due to inactivity. Anyone should feel free to re-open it if they want to see it through to the end in one release cycle.

@dwoz dwoz closed this as completed Dec 16, 2023
@dwoz dwoz removed this from the Chlorine v3007.0 milestone Dec 16, 2023
@dwoz dwoz added help-wanted Community help is needed to resolve this Abandoned labels Dec 16, 2023
dwoz added a commit that referenced this issue Dec 16, 2023