[Bug report] Semanage fcontext with incorrect regexp

When given an invalid regexp, semanage reports an error, but adds the invalid context to "/etc/selinux/targeted/contexts/files/file_contexts.local", which breaks the system (it won't boot in enforcing mode). The new context doesn't show up in "# semanage fcontext -l -C" and cannot be removed by "semanage fcontext --delete".

Investigation of the Fedora version of libsemanage showed that "file_contexts.local" is not backed up before the new version is installed into the system and therefore cannot be restored after a failure.
For more details see: https://bugzilla.redhat.com/show_bug.cgi?id=1362041

# semanage fcontext -a -t httpd_exec_t "(/.*)?"
        specfiles SHA1 digest: 980289cabd78157523679695fd2e4fd0a5b5ff05
        calculated using the following specfile(s):
        /etc/selinux/targeted/contexts/files/file_contexts.subs_dist
        /etc/selinux/targeted/contexts/files/file_contexts.subs
        /etc/selinux/targeted/contexts/files/file_contexts
        /etc/selinux/targeted/contexts/files/file_contexts.homedirs
        /etc/selinux/targeted/contexts/files/file_contexts.local
        libsemanage.semanage_exec_prog: Child process /sbin/sefcontext_compile did not exit cleanly. (No such file or directory). libsemanage.sefcontext_compile: sefcontext_compile returned error code -1. Compiling /etc/selinux/targeted/contexts/files/file_contexts.local (No such file or directory).
        specfiles SHA1 digest: 5097e1780892f53aedb6d30d5d61206a159a20e7
        calculated using the following specfile(s):
        /etc/selinux/targeted/contexts/files/file_contexts.subs_dist
        /etc/selinux/targeted/contexts/files/file_contexts.subs
        /etc/selinux/targeted/contexts/files/file_contexts.bin
        /etc/selinux/targeted/contexts/files/file_contexts.homedirs
        /etc/selinux/targeted/contexts/files/file_contexts.local
        libsemanage.semanage_exec_prog: Child process /sbin/sefcontext_compile did not exit cleanly. (No such file or directory). libsemanage.sefcontext_compile: sefcontext_compile returned error code -1. Compiling /etc/selinux/targeted/contexts/files/file_contexts.local (No such file or directory).
        FileNotFoundError: [Errno 2] No such file or directory

# semanage fcontext -l -C
        -

# cat /etc/selinux/targeted/contexts/files/file_contexts.local
        # This file is auto-generated by libsemanage
        # Do not edit directly.

        (/.*)?    system_u:object_r:httpd_exec_t:s0

# semanage fcontext -d -t httpd_exec_t "(/.*)?"
        ValueError: File context for (/.*)? is not defined
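
Added example, not part of the original post and not libsemanage code: a check for the symptom reported above, where a spec is present in file_contexts.local but missing from the `semanage fcontext -l -C` listing. The function names are hypothetical, the listing rows are constructed, and it assumes each listing row starts with the path regex and ends with the context.

```python
import re

# user:role:type[:level], or the special "<<none>>" target.
CONTEXT_RE = re.compile(r"^(?:[^\s:]+:[^\s:]+:[^\s:]+(?::\S+)?|<<none>>)$", re.I)

def parse_local(text):
    """Map path regex -> context for each spec line of file_contexts.local."""
    entries = {}
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue  # blank line or comment
        # Spec lines are "regex [-type] context"; anything else is ignored.
        if len(fields) in (2, 3) and CONTEXT_RE.match(fields[-1]):
            entries[fields[0]] = fields[-1]
    return entries

def parse_listing(text):
    """Collect path regexes from `semanage fcontext -l -C` output."""
    specs = set()
    for line in text.splitlines():
        fields = line.split()
        # Data rows end in a context; header and equivalence rows do not.
        if len(fields) >= 3 and CONTEXT_RE.match(fields[-1]):
            specs.add(fields[0])
    return specs

def orphaned_entries(local_text, listing_text):
    """Specs written to file_contexts.local that semanage does not list."""
    listed = parse_listing(listing_text)
    return {s: c for s, c in parse_local(local_text).items() if s not in listed}

# File content as shown in the report; the listing there was empty.
LOCAL_FROM_REPORT = """# This file is auto-generated by libsemanage
# Do not edit directly.

(/.*)?    system_u:object_r:httpd_exec_t:s0
"""
# Constructed sample of a consistent state, for comparison.
CONSTRUCTED_LOCAL = "/web(/.*)?    system_u:object_r:httpd_sys_content_t:s0\n"
CONSTRUCTED_LISTING = """SELinux fcontext    type    Context

/web(/.*)?    all files    system_u:object_r:httpd_sys_content_t:s0
"""

if __name__ == "__main__":
    for spec, ctx in orphaned_entries(LOCAL_FROM_REPORT, "").items():
        print(f"orphaned spec: {spec} -> {ctx}")
```

On a live system the two inputs would be the contents of file_contexts.local and the captured output of `semanage fcontext -l -C`; a non-empty result after a failed `semanage fcontext -a` matches the state described in the report.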
