fixfiles and autorelabel fail if file_contexts.local doesn't exist
Environment
- Red Hat Enterprise Linux (RHEL) 7.6
- policycoreutils-2.5-29.el7
Issue
In bug #1559808, there has been an addition to fixfiles to take into account /etc/selinux/targeted/contexts/files/file_contexts.local if /etc/selinux/fixfiles_exclude_dirs exists and contains something to exclude.
The problem is that /etc/selinux/targeted/contexts/files/file_contexts.local doesn't always exist, so fixfiles and autorelabel fail.
Solution is to copy that file in fixfiles only if it exists.
Resolution
Update to policycoreutils-2.5-29.el7_6.1 shipped with Advisory RHBA-2019:0199 or newer.
Root Cause
Previously, the fixfiles script failed if the /etc/selinux/fixfiles_exclude_dirs file contained at least one entry and the /etc/selinux/targeted/contexts/files/file_contexts.local file was not present. With this update, the requirement for existence of /etc/selinux/targeted/contexts/files/file_contexts.local has been removed, and fixfiles now works correctly in the described scenario.
This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
Comments