Bug
Resolution: Unresolved
rhel-8.8.0, rhel-9.3.0
Moderate
rhel-sst-security-selinux
ssg_security
Red Hat Enterprise Linux
CY24Q2
What were you trying to do that didn't work?
Some customers make use of their own application tree, e.g. /app/someapp. When the application defines users, the customers are tempted to create equivalent contexts for the users, by executing commands such as the ones below:
# semanage fcontext -a -e /home/someuser /app/someapp/appuser1
# semanage fcontext -a -e /app/someapp/appuser1 /app/someapp/appuser2
The first line is OK: /app/someapp/appuser1 is treated as a home directory:
# matchpathcon /app/someapp/appuser1
/app/someapp/appuser1 unconfined_u:object_r:user_home_dir_t:s0
But the second line has no effect, despite looking correct:
# matchpathcon /app/someapp/appuser2
/app/someapp/appuser2 system_u:object_r:default_t:s0
This is very likely because the line makes the path /app/someapp/appuser2 be mapped to the path /app/someapp/appuser1 as seen in the policy, without taking the other equivalence rules into account.
If that's the case, then this behavior has to be documented in both the semanage-fcontext(8) manpage and the RHEL documentation, giving examples of use of the -e option.
Please provide the package NVR for which the bug is seen:
libselinux-utils
How reproducible:
Always, see above.
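Added example, not part of the report and not libselinux code: a small Python model of how libselinux turns a path into a label when file_contexts.subs entries are present. It follows the behaviour of libselinux's selabel_sub(): the substitution list is walked once, the first entry whose source is a whole-component prefix of the path rewrites it, and the rewritten path is then matched against file_contexts without being fed back through the substitution list. FILE_CONTEXTS is a constructed three-rule fragment (the real policy has thousands of rules and per-file-type qualifiers, which are omitted), and the two subs texts are constructed from the semanage commands in the report; the "fixed" variant that maps each application user directly to /home/someuser is an assumed workaround the model suggests, not something the report states.

```python
import re

# Constructed file_contexts fragment, in file order. Like libselinux, the
# lookup below lets the last matching rule win.
FILE_CONTEXTS = [
    (r"/.*", "system_u:object_r:default_t:s0"),
    (r"/home/[^/]+", "unconfined_u:object_r:user_home_dir_t:s0"),
    (r"/home/[^/]+/.+", "unconfined_u:object_r:user_home_t:s0"),
]


def parse_subs(text):
    """Parse file_contexts.subs lines: "<path on disk> <equivalent policy path>"."""
    subs = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, dst = line.split()
        subs.append((src.rstrip("/") or "/", dst.rstrip("/") or "/"))
    return subs


def apply_subs(path, subs):
    """Model of selabel_sub(): return on the FIRST matching entry.

    Entries added later are consulted first. The rewritten path is never
    re-submitted to the list, so an equivalence whose target is itself only
    defined by another equivalence does not chain."""
    for src, dst in reversed(subs):
        if path == src:
            return dst
        if path.startswith(src + "/"):
            rest = path[len(src):]
            if dst == "/":            # avoid producing "//..."
                rest = rest[1:]
            return dst + rest
    return path


def match_file_context(path):
    """Last matching file_contexts rule wins."""
    for regex, ctx in reversed(FILE_CONTEXTS):
        if re.fullmatch(regex, path):
            return ctx
    return None


def matchpathcon(path, subs):
    """What matchpathcon(1) would print for `path` under these subs."""
    return match_file_context(apply_subs(path, subs))


# Constructed: what the two semanage commands in the report write
# (semanage fcontext -a -e TARGET PATH stores "PATH TARGET").
SUBS_AS_REPORTED = parse_subs("""
/app/someapp/appuser1 /home/someuser
/app/someapp/appuser2 /app/someapp/appuser1
""")

# Constructed, assumed workaround: point every app user at a path that
# file_contexts itself knows about, instead of chaining through appuser1.
SUBS_FIXED = parse_subs("""
/app/someapp/appuser1 /home/someuser
/app/someapp/appuser2 /home/someuser
""")

if __name__ == "__main__":
    for subs, name in ((SUBS_AS_REPORTED, "as reported"), (SUBS_FIXED, "fixed")):
        for p in ("/app/someapp/appuser1", "/app/someapp/appuser2",
                  "/app/someapp/appuser2/.bashrc", "/app/someapp/appuser10"):
            print(f"{name:12} {p:30} -> {apply_subs(p, subs):24} {matchpathcon(p, subs)}")
```

Under the reported subs, /app/someapp/appuser2 is rewritten once to /app/someapp/appuser1, for which file_contexts has no rule, so the catch-all default_t wins; the same path under the direct mapping resolves to user_home_dir_t, and files below it to user_home_t. The /app/someapp/appuser10 case shows the component boundary check: a prefix match that is not a whole path component is not rewritten.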