Bug 547433

Summary: restorecon returning 1, no other errors indicated
Product: [Fedora] Fedora Reporter: Rob Crittenden <rcritten>
Component: policycoreutilsAssignee: Daniel Walsh <dwalsh>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: 12CC: dwalsh, mgrepl
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: 2.0.78-3.fc12 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-12-27 20:30:51 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Rob Crittenden 2009-12-14 16:54:29 UTC 
Description of problem:

In IPA I'm loading a new policy and restoring context on a directory I'm creating in a script. restorecon is returning 1 causing my script to fail. There is no indication of why restorecon failed, either in stderr/stdout or in any log files I can find.

The man page doesn't list any definitions on return codes.

Version-Release number of selected component (if applicable):

policycoreutils-2.0.74-17.fc12.x86_64

Steps to Reproduce:

dgrift in #selinux helped me diagnose this and he reproduced the problem with:

[root@localhost etc]# ls -alZ cgconfig.conf
-rw-r--r--. root root system_u:object_r:var_t:s0 cgconfig.conf
[root@localhost etc]# matchpathcon /etc/cgconfig.conf
/etc/cgconfig.conf system_u:object_r:etc_t:s0
[root@localhost etc]# restorecon -v /etc/cgconfig.conf
restorecon reset /etc/cgconfig.conf context system_u:object_r:var_t:s0->system_u:object_r:etc_t:s0
[root@localhost etc]# echo $?
1

Note that re-running the restorecon returns 0.

Does this mean that restorecon returns 1 if it resets a context and 0 if it doesn't? This would be a change in behavior that needs to be documented at least in the man page.
Comment 1 Daniel Walsh 2009-12-15 13:38:26 UTC 
I think this is a bug.  I just tested on a newer version of policycoreutils and restorecon exits with a 0.

bash-4.0# restorecon -R -v /etc
restorecon reset /etc/BackupPC/pc context system_u:object_r:httpd_sys_content_rw_t:s0->system_u:object_r:httpd_sys_script_rw_t:s0
bash-4.0# echo $?
0

I tried the same thing on my F12 box and I was able to reproduce it.

This is a bug in 

Fixed in policycoreutils-2.0.78-3.fc12
Comment 2 Fedora Update System 2009-12-16 01:10:04 UTC 
policycoreutils-2.0.78-3.fc12 has been pushed to the Fedora 12 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update policycoreutils'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F12/FEDORA-2009-13169
Comment 3 Fedora Update System 2009-12-27 20:30:47 UTC 
policycoreutils-2.0.78-3.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.