Description of problem:
When selinux-policy-targeted-sources is installed, it corrupts the files file_contexts and policy.conf if the CDPATH environment variable is set. The package should not depend on this kind of behavior, as this environment variable can be set by any package.

Version-Release number of selected component (if applicable):
selinux-policy-targeted-sources-1.17.30-2.140

How reproducible:
export CDPATH=.:/tmp
Install selinux-policy-targeted-sources. Installation may be successful, as the output of compilation of policy is not visible due to redirection to /dev/null.
Now if you manually run

make -C /etc/selinux/targeted/src/policy/ load

make: Entering directory `/etc/selinux/targeted/src/policy'
mkdir -p /etc/selinux/targeted/policy
/usr/bin/checkpolicy -o /etc/selinux/targeted/policy/policy.18 policy.conf
/usr/bin/checkpolicy: loading policy configuration from policy.conf
tmp/program_used_flags.te:2:ERROR 'syntax error' at token '/etc/selinux/targeted/src/policy/domains/program' on line 1164:
/etc/selinux/targeted/src/policy/domains/program
#line 1 "tmp/program_used_flags.te"
/usr/bin/checkpolicy: error(s) encountered while parsing configuration
make: *** [/etc/selinux/targeted/policy/policy.18] Error 1
make: Leaving directory `/etc/selinux/targeted/src/policy'
make -C /etc/selinux/targeted/src/policy/ load

If you open the file "/etc/selinux/targeted/contexts/files/file_contexts" there will be two wrong entries, in line num 17 and line num 42.

Steps to Reproduce:
1. export CDPATH=.:/tmp
2. rpm -ivh selinux-policy-targeted-sources-1.17.30-2.140.noarch.rpm
3. make -C /etc/selinux/targeted/src/policy/ load

Actual results:
make: Entering directory `/etc/selinux/targeted/src/policy'
mkdir -p /etc/selinux/targeted/policy
/usr/bin/checkpolicy -o /etc/selinux/targeted/policy/policy.18 policy.conf
/usr/bin/checkpolicy: loading policy configuration from policy.conf
tmp/program_used_flags.te:2:ERROR 'syntax error' at token '/etc/selinux/targeted/src/policy/domains/program' on line 1164:
/etc/selinux/targeted/src/policy/domains/program
#line 1 "tmp/program_used_flags.te"
/usr/bin/checkpolicy: error(s) encountered while parsing configuration
make: *** [/etc/selinux/targeted/policy/policy.18] Error 1
make: Leaving directory `/etc/selinux/targeted/src/policy'

Also the file /etc/selinux/targeted/contexts/files/file_contexts contains wrong entries as below.

# Distro-specific customizations.
# Comment out all but the one that matches your distro.
# The policy .te files can then wrap distro-specific customizations with
# appropriate ifdefs.
/etc/selinux/targeted/src/policy/domains/program
/etc/selinux/targeted/src/policy/domains/misc
#
# This file describes the security contexts to be applied to files

Expected results:
Policies should be compiled without any errors.

Additional info:
This is because in the sources installation scripts the following is done:

( cd domains/program/ ; for n in *.te ; do echo "define(\`$n')"; done ) > tmp/program_used_flags.te.tmp

Here the "cd" behavior changes when the CDPATH variable is set. A cd to the domain/program/ directory will echo the absolute path to the new directory, which will also get directed to the file and hence corrupts the file. This behavior of the cd command when CDPATH is set is documented well in the man pages, and hence it is not advisable to use cd in such cases, or use an absolute path which starts with /.

Man page extract:

cd [-L|-P] [dir]
Change the current directory to dir. The variable HOME is the default dir. The variable CDPATH defines the search path for the directory containing dir. Alternative directory names in CDPATH are separated by a colon (:). A null directory name in CDPATH is the same as the current directory, i.e., ".". If dir begins with a slash (/), then CDPATH is not used. The -P option says to use the physical directory structure instead of following symbolic links (see also the -P option to the set builtin command); the -L option forces symbolic links to be followed. An argument of - is equivalent to $OLDPWD. If a non-empty directory name from CDPATH is used, or if - is the first argument, and the directory change is successful, the absolute pathname of the new working directory is written to the standard output. The return value is true if the directory was successfully changed; false otherwise.

Since we no longer use this method in RHEL5 or any of the Fedora releases, I am going to close this as a wontfix. It is easily worked around.
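
The failure described in the report, next to one way of writing the same step so that CDPATH cannot affect it, as an added shell example that is not part of the original bug report or of the package's scripts. The temporary tree, the two .te file names and the function names are constructed for illustration.

```sh
#!/bin/sh
# Added example. The tree below is a constructed stand-in for
# /etc/selinux/targeted/src/policy; function names are hypothetical.

make_tree() {
    tree=$(mktemp -d) || return 1
    mkdir -p "$tree/domains/program" "$tree/tmp"
    : > "$tree/domains/program/apache.te"
    : > "$tree/domains/program/named.te"
    printf '%s\n' "$tree"
}

# Pattern from the report: cd and the loop share one redirected stdout,
# so anything cd prints lands in the generated file.
gen_fragile() {
    ( cd "$1" || exit 1
      ( cd domains/program/ ; for n in *.te ; do echo "define(\`$n')"; done ) \
          > tmp/program_used_flags.te.tmp )
}

# Hardened: drop CDPATH for the subshell, use a ./ operand (a leading dot
# component makes cd skip the CDPATH search), silence cd, stop if cd fails.
gen_hardened() {
    ( unset CDPATH
      cd "$1" || exit 1
      ( cd ./domains/program/ >/dev/null || exit 1
        for n in *.te ; do echo "define(\`$n')"; done ) \
          > tmp/program_used_flags.te.tmp )
}

# Check: count lines in the generated file that are not define() lines.
stray_lines() {
    [ -f "$1" ] || return 2
    grep -vc '^define(' "$1" || :
}

run_demo() {
    t=$(make_tree) || return 1
    CDPATH=.:/tmp                       # value used in the report
    gen_fragile "$t";  fragile=$(stray_lines "$t/tmp/program_used_flags.te.tmp")
    gen_hardened "$t"; hardened=$(stray_lines "$t/tmp/program_used_flags.te.tmp")
    unset CDPATH
    rm -rf "$t"
    echo "fragile=$fragile hardened=$hardened"
}

run_demo
```

The stray_lines check can be pointed at any generated file of this kind to confirm that a build step did not capture cd's output.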