547433 – restorecon returning 1, no other errors indicated

Bug 547433 - restorecon returning 1, no other errors indicated

Summary: restorecon returning 1, no other errors indicated

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	policycoreutils
Sub Component:
Version:	12
Hardware:	All
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	---
Assignee:	Daniel Walsh
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2009-12-14 16:54 UTC by Rob Crittenden
Modified:	2009-12-27 20:30 UTC (History)
CC List:	2 users (show)
Fixed In Version:	2.0.78-3.fc12
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2009-12-27 20:30:51 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Rob Crittenden 2009-12-14 16:54:29 UTC

Description of problem:

In IPA I'm loading a new policy and restoring context on a directory I'm creating in a script. restorecon is returning 1 causing my script to fail. There is no indication of why restorecon failed, either in stderr/stdout or in any log files I can find.

The man page doesn't list any definitions on return codes.

Version-Release number of selected component (if applicable):

policycoreutils-2.0.74-17.fc12.x86_64

Steps to Reproduce:

dgrift in #selinux helped me diagnose this and he reproduced the problem with:

[root@localhost etc]# ls -alZ cgconfig.conf
-rw-r--r--. root root system_u:object_r:var_t:s0 cgconfig.conf
[root@localhost etc]# matchpathcon /etc/cgconfig.conf
/etc/cgconfig.conf system_u:object_r:etc_t:s0
[root@localhost etc]# restorecon -v /etc/cgconfig.conf
restorecon reset /etc/cgconfig.conf context system_u:object_r:var_t:s0->system_u:object_r:etc_t:s0
[root@localhost etc]# echo $?
1

Note that re-running the restorecon returns 0.

Does this mean that restorecon returns 1 if it resets a context and 0 if it doesn't? This would be a change in behavior that needs to be documented at least in the man page.

Comment 1 Daniel Walsh 2009-12-15 13:38:26 UTC

I think this is a bug.  I just tested on a newer version of policycoreutils and restorecon exits with a 0.

bash-4.0# restorecon -R -v /etc
restorecon reset /etc/BackupPC/pc context system_u:object_r:httpd_sys_content_rw_t:s0->system_u:object_r:httpd_sys_script_rw_t:s0
bash-4.0# echo $?
0

I tried the same thing on my F12 box and I was able to reproduce it.

This is a bug in 

Fixed in policycoreutils-2.0.78-3.fc12

Comment 2 Fedora Update System 2009-12-16 01:10:04 UTC

policycoreutils-2.0.78-3.fc12 has been pushed to the Fedora 12 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update policycoreutils'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F12/FEDORA-2009-13169

Comment 3 Fedora Update System 2009-12-27 20:30:47 UTC

policycoreutils-2.0.78-3.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.