Description of problem:
semanage does not work correctly when a space appears in the path to file

Version-Release number of selected component (if applicable):
from rpm: policycoreutils-1.33.12-14.2.el5

How reproducible:
apparently always

Steps to Reproduce:
1. Create a directory with a space and two files ("/home/user/test me/file1" and "/home/user/test me/file2")
2. chcon -t <context>_t /home/user/test me/file1
3. chcon -t <context>_t /home/user/test me/file2
4. semanage fcontext -a -t <context>_t /home/user/test me/file1
5. semanage fcontext -a -t <context>_t /home/user/test me/file2

Actual results:
Step 4 completes correctly, Step 5 produces the following error(s):
#semanage fcontext -a -t <context>_t file2
libsepol.sepol_context_from_string: malformed context "me/file1"
libsepol.sepol_context_from_string: could not construct context from string
libsemanage.fcontext_parse: invalid security context "me/file1" (/etc/selinux/targeted/modules/tmp//file_contexts.local: 4)
/home/user/test me/file1 system_u:object_r:<context>_t:s0
libsemanage.fcontext_parse: could not parse file context record
libsemanage.dbase_file_cache: could not cache file database
libsemanage.enter_rw: could not enter read-write section
/usr/sbin/semanage: Could not add file context for file2

Expected results:
Policy addition would be added to /etc/selinux/targeted/modules/tmp/file_contexts.local normally.

Additional info:
This appears to happen with any file where the path has a space in it. I've attempted quoting the string passed to semanage as well as quoting and escaping the string in /etc/selinux/targeted/modules/tmp/file_contexts.local, but since it is generated, it gets overwritten.
Sadly neither to the tools or libraries. We do not have a good solution to this other than, don't do that. Use a regular expression to get around it.
Not my choice, it is a piece of software called Sassafras KeyServer that we are installing that is creating directories with spaces in it, and then has an executable that is trying to do text relocation with libraries. It appears the parser of the policy files just needs to be fixed. Is this something that is in the pipeline to be done? "Just don't do that" doesn't sound like a good long term solution. I'm not sure what exactly you mean by using a regular expression to get around it either.

Thanks,
Dave
Something like

semanage fcontext -a -t <context>_t '/home/user/.*/file1'

or

semanage fcontext -a -t <context>_t '/home/user/[^/]*/file1'
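Added example, not part of the original thread and not libsemanage code: a simplified Python model of a whitespace-delimited file-context record, which reproduces the `malformed context "me/file1"` error from the report and checks which paths the two suggested regular expressions label. The parser model, the `example_t` type and the sample path `/home/user/a/b/file1` are assumptions for illustration.

```python
import re

# Constructed sample: "example_t" stands in for the thread's <context>_t.
CONTEXT = "system_u:object_r:example_t:s0"
LITERAL_PATH = "/home/user/test me/file1"          # path from the report
FILE_TYPES = {"--", "-d", "-c", "-b", "-s", "-l", "-p"}


def parse_record(line):
    """Simplified model (an assumption, not libsemanage code) of a
    whitespace-delimited record: <path regex> [<file type>] <context>."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("too few fields")
    spec, rest = fields[0], fields[1:]
    if rest[0] in FILE_TYPES:
        rest = rest[1:]
    if not rest:
        raise ValueError("missing context")
    context = rest[0]
    # A context needs at least user:role:type.
    if context != "<<none>>" and len(context.split(":")) < 3:
        raise ValueError(f'malformed context "{context}"')
    return spec, context


def spec_matches(spec, path):
    """File-context specs are regexes anchored at both ends of the path."""
    return re.fullmatch(spec, path) is not None


def record_error(spec):
    """Return the parse error for 'spec  CONTEXT', or None if it parses."""
    try:
        parse_record(f"{spec}    {CONTEXT}")
    except ValueError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    for spec in (LITERAL_PATH, "/home/user/.*/file1", "/home/user/[^/]*/file1"):
        print(repr(spec), "->", record_error(spec) or "parses")
        for path in (LITERAL_PATH, "/home/user/a/b/file1"):
            print("   labels", repr(path), ":", spec_matches(spec, path))
```

The `.*` form also labels files in deeper subdirectories, because `.` matches `/`; the `[^/]*` form is limited to a single directory level and is the narrower of the two.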
This is too difficult to fix and has an easy workaround.