On Wed, Jul 29, 2015 at 06:45:22AM -0400, Simon Sekidde wrote:
----- Original Message -----
> From: "Robin Lee Powell" <rlpowell(a)digitalkingdom.org>
> To: "Lukas Vrabec" <lvrabec(a)redhat.com>,
selinux(a)lists.fedoraproject.org
> Sent: Wednesday, July 29, 2015 6:29:16 AM
> Subject: Re: [selinux] Re: Conflict between local module and local fcontext
>
> I removed this line:
>
> /srv/lojban/irclogs(/.*)?
> system_u:object_r:lojban_logger_logs_t:s0
>
> from the module's .fc file, since that was the only other use of
> lojban_logger_logs_t , and that line was non-functional as
> previously described, and now the fcontext command works.
>
> Yay!, but I don't get it at all.
The purpose of that line in the .fc is to have you avoid running
`semanage fcontext -a -t lojban_logger_logs_t
'/srv/lojban/irclogs(/.*)?'` since the label for all files in that
path dir has been predefined.
Yes, but:
1. it *doesn't work*, because I have an fcontent rule for
/srv/loban(/.*)? that wins over the module in all cases
2. why does the fcontext command abort with:
libsemanage.dbase_llist_query: could not query record value (No such file or
directory).
OSError: No such file or directory
when that .fc line exists?, especially when the .fc line doesn't
even *do* anything?
It's #2 that I don't get. Seems like a bug to me? At the very
least, the error message is not helpful.