Bug 215776 - regexp matching order (priority) for file contexts
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: selinux-policy-targeted
Version: 6
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Daniel Walsh
QA Contact: Ben Levenson
Reported: 2006-11-15 13:04 EST by QingLong
Modified: 2007-11-30 17:11 EST
Last Closed: 2006-11-15 16:13:30 EST


Description QingLong 2006-11-15 13:04:04 EST
Description of problem:
Selinux (kernel part? policycoreutils?) has changed regexp matching order
since fc5, making restorecon set incorrect file contexts.

Version-Release number of selected component (if applicable):
selinux-policy-targeted-2.4.3-2.fc6

How reproducible:
100%

Steps to Reproduce:
1. Create a module with .fc file containing lines like
      /opt/drweb(/bin)?/drwebd   --  gen_context(system_u:object_r:ql_drweb_daemon_exec_t,s0)
      /opt/drweb/.+        gen_context(system_u:object_r:ql_drweb_t,s0)
2. Compile the module and load it into the kernel
3. restorecon -R /opt/drweb
4. ls -lAZ /opt/drweb/bin/

Actual results:
   system_u:object_r:ql_drweb_t               drwebd

Expected results:
   system_u:object_r:ql_drweb_daemon_exec_t   drwebd
 And that was really so in FC5. What the hell has happened to it?   &*%@%#^!!!

Additional info:
kernel-2.6.18-1.2849.fc6.i586
policycoreutils-1.32-2.fc6
I have tried to change the order of those lines in the .fc file,
that has changed nothing.
Comment 1 Daniel Walsh 2006-11-15 16:13:30 EST
/opt/drweb/.+        gen_context(system_u:object_r:ql_drweb_t,s0)
/opt/drweb/bin/drwebd   --  gen_context(system_u:object_r:ql_drweb_daemon_exec_t,s0)
/opt/drweb/drwebd   --  gen_context(system_u:object_r:ql_drweb_daemon_exec_t,s0)

Should work.

Also I bet /opt/drweb/(bin/)?drwebd   --  gen_context(system_u:object_r:ql_drweb_daemon_exec_t,s0)

Would work

This is a problem that we hope to address in the future with new ways of
specifying file context.
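
An added illustration, not part of the bug thread and not SELinux code: a simplified Python model of the specificity heuristic libsemanage documents for sorting file-context entries (no metacharacters first, then longer literal stem, then longer pattern, then an explicit file type). It assumes this heuristic is what ranked the entries on the reporter's system and models only the "--" file-type flag; the function names are hypothetical.

```python
import re

META = set(".^$?*+|[({")  # characters counted as regex metacharacters

def specificity(pattern, ftype):
    """Sort key modelled on libsemanage's heuristic; a larger tuple is more specific."""
    n = i = 0
    while i < len(pattern) and pattern[i] not in META:
        i += 2 if pattern[i] == "\\" else 1  # an escaped character is one literal
        n += 1
    is_literal = i >= len(pattern)           # no metacharacter anywhere
    return (is_literal, n, len(pattern), ftype is not None)

def pick(entries, path, regular_file=True):
    """Type of the most specific entry matching path ('--' = regular files only)."""
    hits = [e for e in entries
            if re.fullmatch(e[0], path) and (e[1] is None or regular_file)]
    return max(hits, key=lambda e: specificity(e[0], e[1]))[2] if hits else None

# Entries copied from the bug report (type names only, MLS range omitted).
REPORTED = [
    ("/opt/drweb(/bin)?/drwebd", "--", "ql_drweb_daemon_exec_t"),
    ("/opt/drweb/.+", None, "ql_drweb_t"),
]
# Comment 1, single-regex variant: the optional group moved after the slash.
SUGGESTED = [
    ("/opt/drweb/.+", None, "ql_drweb_t"),
    ("/opt/drweb/(bin/)?drwebd", "--", "ql_drweb_daemon_exec_t"),
]
# Comment 1, literal-path variant.
LITERAL = [
    ("/opt/drweb/.+", None, "ql_drweb_t"),
    ("/opt/drweb/bin/drwebd", "--", "ql_drweb_daemon_exec_t"),
    ("/opt/drweb/drwebd", "--", "ql_drweb_daemon_exec_t"),
]

if __name__ == "__main__":
    target = "/opt/drweb/bin/drwebd"
    for name, entries in (("reported", REPORTED),
                          ("suggested", SUGGESTED),
                          ("literal", LITERAL)):
        for pat, ftype, _ in entries:
            print(f"  {pat:28} key={specificity(pat, ftype)}")
        print(f"{name}: {target} -> {pick(entries, target)}")
```

In the reported file the "(" ends the literal stem at "/opt/drweb" (10 characters), one shorter than the "/opt/drweb/" stem of the catch-all, so the catch-all ranks as more specific; both rewrites in comment 1 remove that deficit.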
