On 06/22/2013 12:17 PM, Sven Vermeulen wrote:
Hi guys Since libpcre 8.33, the behavior of restorecon is different. Take the context for /sbin for instance: Before libpcre 8.33: # matchpathcon /sbin /sbin system_u:object_r:bin_t:s0 With and after libpcre 8.33: # matchpathcon /sbin /sbin <<none>> As a result, trying to reset the label fails: # restorecon -Fv /sbin restorecon: Warning no default label for /sbin Is this a bug in libpcre or are we using it differently? According to Alphat-PC, it is due to rev 1313 of libpcre: http://vcs.pcre.org/viewvc?view=revision&revision=1313 Thanks to Alphat-PC for reporting and debugging it at https://bugs.gentoo.org/show_bug.cgi?id=471718
Looks to me as if the compiled regex format changed. So that would be a problem for previously compiled regexes cached in the .bin files under /etc/selinux/$SELINUXTYPE/contexts/files. You would need to re-run sefcontext_compile to regenerate them or delete them and fall back to loading from the source configurations.
Not sure if there is a way to automatically detect the change in format and handle the conversion on the libselinux side.
-- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with the words "unsubscribe selinux" without quotes as the message.
