Description of problem:
After a fresh install, running fixfiles check reveals the following problems:

/sbin/setfiles: relabeling /usr/share/locale/ka from system_u:object_r:usr_t:s0 to system_u:object_r:locale_t:s0
/sbin/setfiles: relabeling /usr/share/locale/ka/LC_MESSAGES from system_u:object_r:usr_t:s0 to system_u:object_r:locale_t:s0
...

Seems rpm is not setting the context when it creates directories "lazily". At least this is what Jeremy suggested.
Perhaps. The code that sets contexts on "orphan" directories is rather straightforward however. A reproducer with -vv --fsmdebug should be a rather easy way to establish whether rpm is setting file contexts correctly or not. I claim Jeremy hasn't a clue. Want to bet? Meanwhile, this patch is relevant for those (like me) who don't wish to run SELinux: @@ -1276,7 +1337,12 @@ /*@-compdef@*/ rpmts ts = fsmGetTs(fsm); /*@=compdef@*/ - rpmsx sx = rpmtsREContext(ts); + rpmsx sx = NULL; + + /* XXX Set file contexts on non-packaged dirs iff selinux enabled. */ + if (ts != NULL && rpmtsSELinuxEnabled(ts) == 1 && + !(rpmtsFlags(ts) & RPMTRANS_FLAG_NOCONTEXTS)) + sx = rpmtsREContext(ts); fsm->path = NULL; @@ -1305,7 +1371,8 @@ fsm->path = dn; /* Assume '/' directory exists, "mkdir -p" for others if non-existent */ - for (i = 1, te = dn + 1; *te != '\0'; te++, i++) { + (void) urlPath(dn, (const char **)&te); + for (i = 1, te++; *te != '\0'; te++, i++) { if (*te != '/') /*@innercontinue@*/ continue;
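Review bot: in the first hunk, sx now starts as NULL and is only assigned when ts is non-NULL, rpmtsSELinuxEnabled(ts) == 1 and RPMTRANS_FLAG_NOCONTEXTS is clear, but the code that consumes sx lies outside the visible context. Every later use of sx in this function has to tolerate NULL, for example by wrapping the labelling step in `if (sx != NULL)`, otherwise the non-SELinux path ends in a NULL dereference. It would also help to extend the XXX comment to say that sx == NULL means the directory's context is left untouched.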
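Review bot: in the second hunk, the return value of urlPath() is discarded with (void) and te is then advanced unconditionally by `te++` in the loop initialiser, which assumes the path it stored in te is non-empty and begins with '/'. If te can come back pointing at an empty string, that increment steps past the terminator before the `*te != '\0'` test runs, so that case should be checked before entering the loop. Also, i still starts at 1 while te is no longer necessarily dn + 1, so i is not guaranteed to equal te - dn any more; if code further down uses i as an offset into dn, it needs adjusting.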
No additional info == NOTABUG
User pnasrat's account has been closed
Reassigning to owner after bugzilla made a mess, sorry about the noise...
Tested with rpm-4.4.2.2-0.1.fc8.rc1 (which has no selinux/directory handling related changes over 4.4.2.1) and directories that aren't explicitly owned by packages get correct context. Works for me, if it doesn't for you I'll need a reproducer...