Multiple same specifications

maria at iano.org maria at iano.org
Tue Aug 12 19:46:54 UTC 2014


My logs are full of an error about multiple same specifications like
these:

Aug 10 04:07:46 node1 netlogon:
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same
specifications for /cmshome/cms/Baskets/In(/.*)*. 

Aug 10 04:07:46 node1 netlogon:
/etc/selinux/targeted/contexts/files/file_contexts: Multiple different
specifications for /cmshome/cms/Baskets/In
(system_u:object_r:public_content_rw_t:s0 and
system_u:object_r:home_root_t:s0). 

Aug 10 05:03:17 node1 netlogon:
/etc/selinux/targeted/contexts/files/file_contexts: Multiple different
specifications for /cmshome/cms/Baskets/In/[^/]*
(system_u:object_r:public_content_rw_t:s0 and
user_u:object_r:user_home_dir_t:s0). 

When I change into /etc/selinux/targeted/contexts/files and grep for
/cmshome/cms/Baskets/In I get this:

file_contexts.homedirs:/cmshome/cms/Baskets/In/[^/]*/.+	user_u:object_r:user_home_t:s0
file_contexts.homedirs:/cmshome/cms/Baskets/In/[^/]*/.virtinst(/.*)?	user_u:object_r:virt_content_t:s0
file_contexts.homedirs:/cmshome/cms/Baskets/In/[^/]*/.*/plugins/nprhapengine\.so.*	--	user_u:object_r:textrel_shlib_t:s0
file_contexts.homedirs:/cmshome/cms/Baskets/In/[^/]*/.*/plugins/libflashplayer\.so.*	--	user_u:object_r:textrel_shlib_t:s0
file_contexts.homedirs:/cmshome/cms/Baskets/In/[^/]*/((www)|(web)|(public_html)|(public_git))(/.+)?	user_u:object_r:httpd_user_content_t:s0
file_contexts.homedirs:/cmshome/cms/Baskets/In/[^/]*/bin(/.*)?	user_u:object_r:home_bin_t:s0
file_contexts.homedirs:/cmshome/cms/Baskets/In/[^/]*/\.ssh(/.*)?	user_u:object_r:sshd_key_t:s0
file_contexts.homedirs:/cmshome/cms/Baskets/In/[^/]*/\.mozilla(/.*)?/plugins/libflashplayer\.so.*	--	user_u:object_r:textrel_shlib_t:s0
file_contexts.homedirs:/cmshome/cms/Baskets/In/[^/]*/\.spamassassin(/.*)?	user_u:object_r:spamassassin_home_t:s0
file_contexts.homedirs:/cmshome/cms/Baskets/In/[^/]*/VirtualMachines(/.*)?	user_u:object_r:virt_image_t:s0
file_contexts.homedirs:/cmshome/cms/Baskets/In/[^/]*/cxoffice/bin/wine.+	--	user_u:object_r:wine_exec_t:s0
file_contexts.homedirs:/cmshome/cms/Baskets/In/[^/]*/VirtualMachines/isos(/.*)?	user_u:object_r:virt_content_t:s0
file_contexts.homedirs:/cmshome/cms/Baskets/In/[^/]*	-d	user_u:object_r:user_home_dir_t:s0
file_contexts.homedirs:/cmshome/cms/Baskets/In/[^/]*/\.k5login	--	user_u:object_r:krb5_home_t:s0
file_contexts.homedirs:/cmshome/cms/Baskets/In/[^/]*/\.fetchmailrc	--	user_u:object_r:fetchmail_home_t:s0
file_contexts.homedirs:/cmshome/cms/Baskets/In/lost\+found/.*	<<none>>
file_contexts.homedirs:/cmshome/cms/Baskets/In	-d	system_u:object_r:home_root_t:s0
file_contexts.homedirs:/cmshome/cms/Baskets/In/\.journal	<<none>>
file_contexts.homedirs:/cmshome/cms/Baskets/In/lost\+found	-d	system_u:object_r:lost_found_t:s0
file_contexts.local:/cmshome/cms/Baskets/In -d system_u:object_r:public_content_rw_t:s0
file_contexts.local:/cmshome/cms/Baskets/In(/.*)* -d system_u:object_r:public_content_rw_t:s0
file_contexts.local:/cmshome/cms/Baskets/In/[^/]* -d system_u:object_r:public_content_rw_t:s0
file_contexts.local:/cmshome/cms/Baskets/In(/.*)* system_u:object_r:public_content_rw_t:s0

When I try to remove the home_dir specification I get this:
[root@node1 files]# /usr/sbin/semanage fcontext -d -t user_home_dir_t -d "/cmshome/cms/Baskets/In/[^/]*"
/usr/sbin/semanage: File context for /cmshome/cms/Baskets/In/[^/]* is not defined

From googling I think that's because semanage only manages local
definitions and the user_home_dir_t is coming from the policy module
because the following directories are home directories from various
different accounts in the system (they are part of the application that
runs on there).
These are home directories in /etc/passwd of some accounts:
/cmshome/cms
/cmshome/cms/Baskets/In/Mails
/cmshome/cms/Baskets/In/AdImport
/cmshome/cms/Baskets/In/Photos
/cmshome/cms/Baskets/Out/AdReports
/cmshome/cms/Baskets/Out/WebExport
/cmshome/cms/Baskets/Out/HiResProofer
/cmshome/cms/Baskets/Out/Typeset
/cmshome/cms/Baskets/In/Graphics
/cmshome/cms/Baskets/In/XMLPlanner
/cmshome/cms/Baskets/Out/Archive

I want to make sure everything under /cmshome/cms/Baskets/In is
public_content_rw_t. Fortunately my local policy is winning when
relabeling occurs. How can I resolve this error or can I?

Thanks,
Maria
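
Added example, not part of the original post and not libselinux code: a Python reimplementation of the kind of duplicate check that yields the "Multiple same/different specifications" messages quoted above. It assumes two entries clash when their regex strings are identical and their file types are equal or one of them has none; the entries are a subset copied from the grep output in the post, and the function names are illustrative.

```python
from itertools import combinations

# Subset of the entries from the grep output in the post, as (file, line).
ENTRIES = [
    ("file_contexts.homedirs", "/cmshome/cms/Baskets/In/[^/]*\t-d\tuser_u:object_r:user_home_dir_t:s0"),
    ("file_contexts.homedirs", "/cmshome/cms/Baskets/In\t-d\tsystem_u:object_r:home_root_t:s0"),
    ("file_contexts.homedirs", "/cmshome/cms/Baskets/In/[^/]*/bin(/.*)?\tuser_u:object_r:home_bin_t:s0"),
    ("file_contexts.local", "/cmshome/cms/Baskets/In -d system_u:object_r:public_content_rw_t:s0"),
    ("file_contexts.local", "/cmshome/cms/Baskets/In(/.*)* -d system_u:object_r:public_content_rw_t:s0"),
    ("file_contexts.local", "/cmshome/cms/Baskets/In/[^/]* -d system_u:object_r:public_content_rw_t:s0"),
    ("file_contexts.local", "/cmshome/cms/Baskets/In(/.*)* system_u:object_r:public_content_rw_t:s0"),
]


def parse(line):
    """Split 'regex [type] context'; the type field (-d, --, ...) is optional."""
    fields = line.split()
    if len(fields) == 2:
        return fields[0], None, fields[1]
    if len(fields) == 3:
        return tuple(fields)
    raise ValueError(f"unparsable entry: {line!r}")


def find_duplicates(entries):
    """Return (kind, regex, (file, ctx), (file, ctx)) for each clashing pair.

    Assumption: entries clash when the regex strings are identical and the
    file types are equal or one entry has no file type. The regexes are
    compared as strings, never evaluated.
    """
    specs = [(src, *parse(line)) for src, line in entries]
    clashes = []
    for (f1, r1, t1, c1), (f2, r2, t2, c2) in combinations(specs, 2):
        if r1 == r2 and (t1 is None or t2 is None or t1 == t2):
            kind = "same" if c1 == c2 else "different"
            clashes.append((kind, r1, (f1, c1), (f2, c2)))
    return clashes


if __name__ == "__main__":
    for kind, regex, a, b in find_duplicates(ENTRIES):
        print(f"Multiple {kind} specifications for {regex}: "
              f"{a[0]} ({a[1]}) vs {b[0]} ({b[1]})")
```

On these entries it reports the same three clashes as the log lines in the post, and shows which file each half of a pair comes from.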


