Summary: | sys-libs/libselinux-2.1.13-r2 with dev-libs/libpcre-8.33 - matchpathcon, restorecon ... don't work | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | iGentoo <AlphatPC> |
Component: | SELinux | Assignee: | Sven Vermeulen (RETIRED) <swift> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | selinux |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
iGentoo
2013-05-29 16:19:01 UTC
Hiya @base-system Do you know of possible regressions in libpcre (or changes) that cause expressions to behave differently? (In reply to Sven Vermeulen from comment #1) > Hiya @base-system > > Do you know of possible regressions in libpcre (or changes) that cause > expressions to behave differently? http://vcs.pcre.org/viewvc?view=revision&revision=1313 matchpathcon works fine with libpcre ( revision < 1313 ). Sorry for taking this long, I've mailed the selinux mailinglist about it to see if this is a problem with libpcre or if the selinux tools are calling libpcre in the wrong way. Taking it back, looks like its about missing precompiled expressions... @Alphat-PC, can you go to the /etc/selinux/*/contexts/files/ location and see if there are any *.bin files in there (like file_contexts.bin)? If there are, we should recompile those: # sefcontext_compile file_contexts This should rebuild the binary file, and hopefully fix the problem. Can you confirm this? If so, I'll need to see if/how we can trigger this (or document). (In reply to Sven Vermeulen from comment #5) > Taking it back, looks like its about missing precompiled expressions... > > @Alphat-PC, can you go to the /etc/selinux/*/contexts/files/ location and > see if there are any *.bin files in there (like file_contexts.bin)? > > If there are, we should recompile those: > > # sefcontext_compile file_contexts > > This should rebuild the binary file, and hopefully fix the problem. Can you > confirm this? If so, I'll need to see if/how we can trigger this (or > document). Recompiling file_contexts.bin can help fix the problem! I recompile the refpolicy, everything is OK! Thanks!!! Is there a way that we can have SELinux tooling still use the libpcre.so.0 one (assuming libpcre updates to libpcre.so.1 - basing myself on the ebuild here) until the user has rebuild the regular expressions? Or can we somehow hook in the setfiles process to rebuild the expressions if they are stale? Guess not (yet). The approach is documented on https://wiki.gentoo.org/wiki/SELinux/FAQ so closing this one. |