From: Stephen Smalley <sds@tycho.nsa.gov>
To: Sven Vermeulen <sven.vermeulen@siphos.be>
Cc: selinux@tycho.nsa.gov, Eric Paris <eparis@redhat.com>,
Daniel J Walsh <dwalsh@redhat.com>
Subject: Re: pcre 8.33 changes restorecon behavior
Date: Mon, 24 Jun 2013 08:50:51 -0400 [thread overview]
Message-ID: <51C840AB.2030606@tycho.nsa.gov> (raw)
In-Reply-To: <20130622161711.GA2010@siphos.be>
On 06/22/2013 12:17 PM, Sven Vermeulen wrote:
> Hi guys
>
> Since libpcre 8.33, the behavior of restorecon is different. Take the
> context for /sbin for instance:
>
> Before libpcre 8.33:
> # matchpathcon /sbin
> /sbin system_u:object_r:bin_t:s0
>
> With and after libpcre 8.33:
> # matchpathcon /sbin
> /sbin <<none>>
>
> As a result, trying to reset the label fails:
>
> # restorecon -Fv /sbin
> restorecon: Warning no default label for /sbin
>
> Is this a bug in libpcre or are we using it differently? According to
> Alphat-PC, it is due to rev 1313 of libpcre:
> http://vcs.pcre.org/viewvc?view=revision&revision=1313
>
> Thanks to Alphat-PC for reporting and debugging it at
> https://bugs.gentoo.org/show_bug.cgi?id=471718
Looks to me as if the compiled regex format changed. So that would be a
problem for previously compiled regexes cached in the .bin files under
/etc/selinux/$SELINUXTYPE/contexts/files. You would need to re-run
sefcontext_compile to regenerate them or delete them and fall back to
loading from the source configurations.
Not sure if there is a way to automatically detect the change in format
and handle the conversion on the libselinux side.
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
next prev parent reply other threads:[~2013-06-24 12:50 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-06-22 16:17 pcre 8.33 changes restorecon behavior Sven Vermeulen
2013-06-24 12:50 ` Stephen Smalley [this message]
2013-06-24 14:24 ` Daniel J Walsh
2013-06-24 18:44 ` Eric Paris
2013-06-24 19:16 ` Stephen Smalley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=51C840AB.2030606@tycho.nsa.gov \
--to=sds@tycho.nsa.gov \
--cc=dwalsh@redhat.com \
--cc=eparis@redhat.com \
--cc=selinux@tycho.nsa.gov \
--cc=sven.vermeulen@siphos.be \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.