Description of problem: Since Fedora 20 the syntax of the command semanage fcontext option -f has changed in an incompatible way to previous versions. I think that this change should be noted in the updates to the Fedora 20 release notes. In previous versions, the argument to semanage fcontext option -f was also prefixed by a dash "-". In Fedora 20, the argument contains no dash, and the char for "regular file" was changed from "-" to "f". I think that the change is reasonable, because dashes in arguments are unsual in linux / unix command lines. But the change is incompatible with previous versions and breaks existing scripts, so I think the users and administrators should be informed of that change! It would be nice if the developers of semanage command would also accept the old syntax, together with the new one, to be backward compatible - at least for some time. But this is another point - not regarding the documentation. Version-Release number of selected component (if applicable): policycoreutils-2.2.5-1.fc20.x86_64 How reproducible: Always. Steps to Reproduce: Compare the man page of "semanage" on policycoreutils-python-2.1.14-46.6.fc19.x86_64 and of "semanage-fcontext" on policycoreutils-2.2.5-1.fc20.x86_64 regarding option "-f" (filetype).
It's a little late to add this to the release notes, but there are many `semanage fcontext` invocations documented in the security guide so I'm reassigning there.
Hmmm... I don't see where we mention -f (or f) anywhere in our documentation. I'm not going to be able to add this into the guide, right now, only because I wouldn't know where to put it. I recognize that our SELinux documentation is severely lacking and I'm hoping to be able to start putting hours down combing through Dan's blog to help remedy these deficiencies. I'll keep this ticket open as a reminder that this does need to be documented.
I found the difference in semanage syntax by comparing the manpages fon F19 and F20 (when looking for the reason why my scripts has failed): F19: man semanage -f, --ftype File Type. This is used with fcontext. Requires a file type as shown in the mode field by ls, e.g. use -d to match only directories or -- to match only regular files. F20: man semanage-fcontext -f [{a,f,d,c,b,s,l,p}], --ftype [{a,f,d,c,b,s,l,p}] File Type. This is used with fcontext. Requires a file type as shown in the mode field by ls, e.g. use 'd' to match only directories or 'f' to match only regular files. The following file type options can be passed: f (regular file),d (directory),c (character device), b (block device),s (socket),l (symbolic link),p (named pipe). If you do not specify a file type, the file type will default to "all files". I think, the documentation in F20 is sufficient, because it describes how to call the command semanage fcontext. My problem was that this is an incompable change in the syntax and that users - or at least administrators - should be notified that they have to check there scripts before they move from F19 to F20. The right place would have been the release notes (or special release notes for administrators). If the command options isn't described in the security guide until now then it need not be described only because of this change of the syntax, because the man page describes the command syntax. But of course, the security guide may present examples when and how to use semanage fcontext command. I think there should be a document where additional notes, changes, problems, etc. can be added to the release notes after release of a fedora version. Think of the page "Common F20 bugs": it is in the fedora wiki, and it is updated when there are available new "common" bugs, changes to bugs, etc.. I think fedora need something similar for release notes updates. What do you think of wiki pages for each released release notes to inform the users and administrators about additional information, changes, etc., that hasn't found the way into the release notes before release date? For example, a wiki page "Release Notes Updates for Fedora 20"? I know that this has nothing to do with security guide, but I think Fedora is missing such a release notes updates document, and the problem described in this bug report is an example that should put into such a document.
I'm closing this bug as part of a Bugzilla cleanup effort. The most likely reason is that the bug has been opened either against a component we no longer publish, or against Release Notes for an EOL release.