Bug
Resolution: Unresolved
rhel-10.0
rhel-security-selinux
SELINUX 251029: 14
What were you trying to do that didn't work?
This is related to https://issues.redhat.com/browse/RHEL-5172 but the original issue does not mention the "-i" flag. According to the man page:
-i ignore files that do not exist.
However this only applies during initial file/directory scanning, not while running restorecon. Thus, ENOENT errors can still happen while restorecon runs, returning an error exit code.
What is the impact of this issue to you?
When restorecon runs against a directory whose underlying files/directories get deleted while restorecon is running, an error occurs, despite specifying "-i" in the command line.
Please provide the package NVR for which the bug is seen:
policycoreutils-3.8-1.el10.x86_64
How reproducible is this bug?:
Every time
Steps to reproduce
- On one shell session, run:
mkdir foo; cd foo; while :; do touch a b c; chcon -t etc_t a b c; rm -f a b c; done
- On another shell session, while the first 'while' is still running, run:
while true; do restorecon -RFivv foo; done
Expected results
No errors should occur due to ENOENT, as "-i" is used.
Actual results
The following error is shown (depending on timing since the test only uses 3 files, but it should get triggered quickly enough nonetheless):
restorecon: Could not set context for /root/foo/a: No such file or directory
restorecon: Could not set context for /root/foo/b: No such file or directory
restorecon: Could not set context for /root/foo/c: No such file or directory
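
A caller-side workaround for the race described above, as an added example that is not part of the original report or of policycoreutils: it treats a failed run as success only when every stderr line is the ENOENT message quoted under "Actual results". The function names are hypothetical, and it assumes restorecon writes these errors to stderr and that the C locale keeps the message text as shown.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of policycoreutils.

# Sample stderr taken from the "Actual results" lines of this report.
SAMPLE_RACE_STDERR='restorecon: Could not set context for /root/foo/a: No such file or directory
restorecon: Could not set context for /root/foo/b: No such file or directory
restorecon: Could not set context for /root/foo/c: No such file or directory'

# Read stderr text on stdin. Return 0 only if there is at least one line and
# every non-empty line is the ENOENT "Could not set context" message.
only_enoent_errors() {
    seen=0
    while IFS= read -r line || [ -n "$line" ]; do
        [ -z "$line" ] && continue
        case $line in
            "restorecon: Could not set context for "*": No such file or directory")
                seen=1 ;;
            *)
                return 1 ;;  # any other message is a real failure: fail closed
        esac
    done
    [ "$seen" -eq 1 ]
}

# Run "restorecon -RFi" on the given paths. A non-zero exit is downgraded to
# success only when the sole errors are files that vanished mid-run.
restorecon_tolerant() {
    errfile=$(mktemp) || return 1
    rc=0
    # Assumption: LC_ALL=C keeps the strerror text in English for matching.
    LC_ALL=C restorecon -RFi "$@" 2>"$errfile" || rc=$?
    if [ "$rc" -ne 0 ] && only_enoent_errors <"$errfile"; then
        rc=0
    fi
    cat "$errfile" >&2   # still surface the messages for logging
    rm -f "$errfile"
    return "$rc"
}
```

An exit code that arrives with no stderr text, or with any other message mixed in, is passed through unchanged, so permission or labeling failures are not masked.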