Description of problem: genhomedircon doesn't strip the newline when constructing VALID_SHELLS thus VALID_SHELLS looks like this: ['/bin/sh\n', '/bin/bash\n', '/sbin/nologin\n', '/bin/tcsh\n', '/bin/csh\n', '/bin/ksh\n', '/bin/zsh\n'] This then goes on to fail the shells of users who have this: '/bin/bash' Version-Release number of selected component (if applicable): policycoreutils-1.30.10-1.fc5 How reproducible: Every time Steps to Reproduce: 1. Add print VALID_SHELLS beneath line 33 2. Run /usr/sbin/genhomedircon 3. (For extra hilarity run "/sbin/restorecon -R -v /home" on a system with user home dirs that are in subdirectories e.g. /home/member/user ) Actual results: ['/bin/sh\n', '/bin/bash\n', '/sbin/nologin\n', '/bin/tcsh\n', '/bin/csh\n', '/bin/ksh\n', '/bin/zsh\n'] (in the extra hilarity case parts of a user's home directory become mislabelled e.g. public_html) Expected results: same output as above but without the newline (\n) characters Additional info: Fixable by changing the VALID_SHELLS line to: VALID_SHELLS = fd.readlines().trim() Python documentation warns that the newline isn't stripped here: http://docs.python.org/lib/bltin-file-objects.html#l2h-244 Setting to severity to high because of the breakage caused on a relabel.
Fixed in 1.30.10-2.fc5
I'm just looking at man getusershell ... technically shouldn't you only default /bin/sh and /bin/csh if /etc/shells is empty?