[CentOS] SELinux error message on CentOS 5: "multiple same specifications"

Filipe Brandenburger filbranden at gmail.com
Fri Jun 6 00:30:01 UTC 2008


Hi all,

I just installed a CentOS 5 machine from Kickstart. I configure NSS
and PAM to lookup and authenticate users from LDAP with authconfig. On
my LDAP I also have some automount configuration, but I'm not running
automount on this server. SELinux is installed and enforcing.

Whenever I try to install an RPM (and in other occasions during boot)
I see those messages:

# rpm -Uvh ... .rpm
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same
specifications for /usr/local/lost\+found/.*.
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same
specifications for /usr/local/\.journal.
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same
specifications for /usr/local/lost\+found.

The RPM installs fine, I guess those are just warnings. (Actually,
/usr/local is practically empty, and there are no lost+found or
.journal there, so I guess those are really innocuous.)

I dug in deeper and I found out that the source of the problem is most
probably in this file:
/etc/selinux/targeted/contexts/files/file_contexts.homedirs

Among its contents are these lines:

/usr/local/[^/]*/.+     user_u:object_r:user_home_t:s0
/usr/local/[^/]*/.*/plugins/nprhapengine\.so.*  --
user_u:object_r:textrel_shlib_t:s0
/usr/local/[^/]*/.*/plugins/libflashplayer\.so.*        --
user_u:object_r:textrel_shlib_t:s0
/usr/local/[^/]*/((www)|(web)|(public_html))(/.+)?
user_u:object_r:httpd_user_content_t:s0
/usr/local/[^/]*/\.mozilla(/.*)?/plugins/libflashplayer\.so.*   --
 user_u:object_r:textrel_shlib_t:s0
/usr/local/[^/]*        -d      user_u:object_r:user_home_dir_t:s0
/usr/local/lost\+found/.*       <<none>>
/usr/local      -d      system_u:object_r:home_root_t:s0
/usr/local/\.journal    <<none>>
/usr/local/lost\+found  -d      system_u:object_r:lost_found_t:s0

I saw that /home and /root are there, since they are really home
directories. But /usr/local shouldn't be there! And there's a fourth
directory there, which is based on the name of our NFS fileserver:

/colossus/users/[^/]*/.+        user_u:object_r:user_home_t:s0
/colossus/users/[^/]*/.*/plugins/nprhapengine\.so.*     --
user_u:object_r:textrel_shlib_t:s0
/colossus/users/[^/]*/.*/plugins/libflashplayer\.so.*   --
user_u:object_r:textrel_shlib_t:s0
/colossus/users/[^/]*/((www)|(web)|(public_html))(/.+)?
user_u:object_r:httpd_user_content_t:s0
/colossus/users/[^/]*/\.mozilla(/.*)?/plugins/libflashplayer\.so.*
 --      user_u:object_r:textrel_shlib_t:s0
/colossus/users/[^/]*   -d      user_u:object_r:user_home_dir_t:s0
/colossus/users/lost\+found/.*  <<none>>
/colossus/users -d      system_u:object_r:home_root_t:s0
/colossus/users/\.journal       <<none>>
/colossus/users/lost\+found     -d      system_u:object_r:lost_found_t:s0

I tried to edit the file to remove the offending entries, but after I
installed another RPM I saw that the file was regenerated with the
other entries.

So, I would like to know: Where is this coming from? How is this file
being generated? What's the command that generates it? Which command
(semanage?) apart from rpm can I use to reproduce and test the
problem? (In other words, another command that won't install or change
anything on the system but check the integrity of this file.) How can
I tweak or control the way this file is generated?

Thanks a lot!
Filipe



More information about the CentOS mailing list