The bug below also exists in policycoreutils-1.33.12-12.el5 on CentOS 5 (and presumably therefore RHEL5 as well). +++ This bug was initially created as a clone of Bug #247117 +++ Whenever I use semodule to add or remove a module or update some selinux packages I get a lot of errors like *username* homedir /home/*servername*/misc/*username* or its parent directory conflicts with a defined context in /etc/selinux/targeted/contexts/files/file_contexts, /usr/sbin/genhomedircon will not create a new context. This usually indicates an incorrectly defined system account. If it is a system account please make sure its login shell is /sbin/nologin. We have a lot of home directories of the form /home/server/misc/user and it seems that the problem is that genhomedircon is comparing each with the /misc line in /etc/selinux/targeted/contexts/files/file_contexts and deciding they match and thus produces an error. I believe the problem is that in the checkExists subroutine of genhomedircon the line if re.search(regex,home, 0): causes a match if regex fits any substring of "home". I believe you actually want if re.match(regex,home): so that it matches from the beginning of the string. I have seen this with a number of versions of policycoreutils, including the current one: policycoreutils-2.0.16-6.fc7 -- Additional comment from m.a.young.uk on 2007-07-05 10:47 EST -- Created an attachment (id=158595) Suggested patch for genhomedircon -- Additional comment from dwalsh on 2007-07-06 10:24 EST -- Fixed in policycoreutils-2.0.22-4.fc8
Fixed in policycoreutils-1.33.12-14.1.el5
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2009-0206.html