Description of problem: Can be reproduced by executing: semanage fcontext -a -t var_t '/myvar/*' Version-Release number of selected component: libselinux-2.5-9.fc24 Additional info: reporter: libreport-2.7.2 backtrace_rating: 4 cmdline: /sbin/sefcontext_compile /etc/selinux/targeted/contexts/files/file_contexts.local crash_function: write_binary_file environ: executable: /usr/sbin/sefcontext_compile global_pid: 10001 kernel: 4.6.3-300.fc24.x86_64 pkg_fingerprint: 73BD E983 81B4 6521 pkg_vendor: Fedora Project runlevel: N 5 type: CCpp uid: 0 Truncated backtrace: Thread no. 1 (1 frames) #0 write_binary_file at sefcontext_compile.c:243
Created attachment 1183195 [details] File: backtrace
Created attachment 1183196 [details] File: cgroup
Created attachment 1183197 [details] File: core_backtrace
Created attachment 1183198 [details] File: dso_list
Created attachment 1183199 [details] File: exploitable
Created attachment 1183200 [details] File: limits
Created attachment 1183201 [details] File: maps
Created attachment 1183202 [details] File: mountinfo
Created attachment 1183203 [details] File: namespaces
Created attachment 1183204 [details] File: open_fds
Created attachment 1183205 [details] File: proc_pid_status
Created attachment 1183206 [details] File: var_log_messages
Thanks for the report. It needs to be fixed. However, the reproducer most likely doesn't use a correct expression. FILE_SPEC is processed as PCRE so unless you want ["/myvar", "/myvar/", "/myvar//", "/myvar///", ...] it should be "/myvar/.*" or "/myvar(/.*)?" depends whether you want "/myvar" in the list or not.
Indeed, FILE_SPEC expression which triggers this issue has been discovered only accidentally, by a typo in the custom script. Correct expression was "/myvar/*".
(In reply to Peter "Pessoft" Kolínek from comment #14) > Indeed, FILE_SPEC expression which triggers this issue has been discovered > only accidentally, by a typo in the custom script. Correct expression was > "/myvar/*". :) "/myvar/.*"
The issue is solved on upstream and the fix will propagate to fedora branch during next rebase. https://github.com/SELinuxProject/selinux/commit/6e2bdb770f6311060b111e87bd7af653e225be9d
checkpolicy-2.5-8.fc25, libselinux-2.5-12.fc25, libsemanage-2.5-8.fc25, libsepol-2.5-10.fc25, policycoreutils-2.5-17.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-b7e8e980ef
checkpolicy-2.5-8.fc25, libselinux-2.5-12.fc25, libsemanage-2.5-8.fc25, libsepol-2.5-10.fc25, policycoreutils-2.5-17.fc25, secilc-2.5-6.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-b7e8e980ef
checkpolicy-2.5-8.fc25, libselinux-2.5-12.fc25, libsemanage-2.5-8.fc25, libsepol-2.5-10.fc25, policycoreutils-2.5-17.fc25, secilc-2.5-6.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.