Whenever I use semodule to add or remove a module, or update some SELinux packages, I get a lot of errors like:

    *username* homedir /home/*servername*/misc/*username* or its parent directory conflicts with a defined context in /etc/selinux/targeted/contexts/files/file_contexts, /usr/sbin/genhomedircon will not create a new context. This usually indicates an incorrectly defined system account. If it is a system account please make sure its login shell is /sbin/nologin.

We have a lot of home directories of the form /home/server/misc/user, and it seems that the problem is that genhomedircon is comparing each with the /misc line in /etc/selinux/targeted/contexts/files/file_contexts, deciding they match, and thus producing an error.

I believe the problem is that in the checkExists subroutine of genhomedircon the line

    if re.search(regex,home, 0):

causes a match if regex fits any substring of "home". I believe you actually want

    if re.match(regex,home):

so that it matches from the beginning of the string.

I have seen this with a number of versions of policycoreutils, including the current one: policycoreutils-2.0.16-6.fc7
Created attachment 158595
Suggested patch for genhomedircon
Fixed in policycoreutils-2.0.22-4.fc8
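The difference between the two calls discussed in the report, as an added example that is not part of the original report and is not genhomedircon's own code. The file_contexts sample, its context labels and all function names are constructed for illustration; only the `/misc` entry and the home directory layout come from the report.

```python
import re

# Constructed sample in file_contexts layout: "<path regex> [file type] <context>".
# The context labels are illustrative, not copied from a real policy.
SAMPLE_FILE_CONTEXTS = """\
# comment lines are skipped
/misc\t-d\tsystem_u:object_r:example_mnt_t:s0
/var/log(/.*)?\tsystem_u:object_r:example_log_t:s0
/usr/sbin/sshd\t--\tsystem_u:object_r:example_exec_t:s0
"""


def context_regexes(text):
    """Yield the path regex (first field) of each non-comment entry."""
    for line in text.splitlines():
        fields = line.split()
        if fields and not fields[0].startswith("#"):
            yield fields[0]


def conflicts(home, matcher, text=SAMPLE_FILE_CONTEXTS):
    """Return the entries that `matcher` reports as conflicting with `home`."""
    return [rx for rx in context_regexes(text) if matcher(rx, home)]


def conflicts_search(home):
    # re.search succeeds if the regex fits anywhere inside the path.
    return conflicts(home, re.search)


def conflicts_match(home):
    # re.match succeeds only if the regex fits at the start of the path.
    return conflicts(home, re.match)


if __name__ == "__main__":
    for home in ("/home/server/misc/user", "/misc/user", "/home/alice"):
        print(f"{home}: search={conflicts_search(home)} match={conflicts_match(home)}")
```

`re.match` anchors only the start of the string, so in this sketch a path such as `/miscellany/user` is still reported against the `/misc` entry.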