Description of problem: In IPA I'm loading a new policy and restoring context on a directory I'm creating in a script. restorecon is returning 1 causing my script to fail. There is no indication of why restorecon failed, either in stderr/stdout or in any log files I can find. The man page doesn't list any definitions on return codes. Version-Release number of selected component (if applicable): policycoreutils-2.0.74-17.fc12.x86_64 Steps to Reproduce: dgrift in #selinux helped me diagnose this and he reproduced the problem with: [root@localhost etc]# ls -alZ cgconfig.conf -rw-r--r--. root root system_u:object_r:var_t:s0 cgconfig.conf [root@localhost etc]# matchpathcon /etc/cgconfig.conf /etc/cgconfig.conf system_u:object_r:etc_t:s0 [root@localhost etc]# restorecon -v /etc/cgconfig.conf restorecon reset /etc/cgconfig.conf context system_u:object_r:var_t:s0->system_u:object_r:etc_t:s0 [root@localhost etc]# echo $? 1 Note that re-running the restorecon returns 0. Does this mean that restorecon returns 1 if it resets a context and 0 if it doesn't? This would be a change in behavior that needs to be documented at least in the man page.
I think this is a bug. I just tested on a newer version of policycoreutils and restorecon exits with a 0. bash-4.0# restorecon -R -v /etc restorecon reset /etc/BackupPC/pc context system_u:object_r:httpd_sys_content_rw_t:s0->system_u:object_r:httpd_sys_script_rw_t:s0 bash-4.0# echo $? 0 I tried the same thing on my F12 box and I was able to reproduce it. This is a bug in Fixed in policycoreutils-2.0.78-3.fc12
policycoreutils-2.0.78-3.fc12 has been pushed to the Fedora 12 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update policycoreutils'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F12/FEDORA-2009-13169
policycoreutils-2.0.78-3.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.