On Fri, Sep 21, 2018 at 3:58 AM Petr Lautrbach <plautrba@redhat.com> wrote:

>
> Ted Toth <txtoth@gmail.com> writes:
>
> > I have something very much like the following in an fc file:
> > /usr/lib64/python2\.(6|7)/site-packages/xyz/paste     --
> > gen_context(system_u:object_r:jxyz_exec_t,s0)
> >
> > and I use the same file on el6 and el7. On el6 the file is
> > labeled as
> > specified in the python2.6 directory. However on el7 where the
> > file gets
> > installed into python2.7 the file is not labeled correctly. On
> > el7
> > `semanage fcontext -l | grep xyz` shows the file context
> > expected but
> > `matchpathcon /usr/lib64/python2.7/site-packages/xyz/paste` does
> > not return
> > the expected context and `restorecon -RFv
> > /usr/lib64/python2.7/site-packages/xyz` has no affect. The type
> > xyz_exec_t
> > exists on both systems. It's probably something stupid I'm doing
> > but I'm
> > just not seeing it. Has anyone else experienced similar issues?
> >
>
> There's equivalency rule /usr/lib64 -> /usr/lib on el7:
>
> # semanage fcontext -a -t tmp_t
>   '/usr/lib64/python2\.(6|7)/site-packages/xyz/paste'
>
> ValueError: File spec
> /usr/lib64/python2\.(6|7)/site-packages/xyz/paste conflicts with
> equivalency rule '/usr/lib64 /usr/lib'; Try adding
> '/usr/lib/python2\.(6|7)/site-packages/xyz/paste' instead
>
>
> # semanage fcontext -a -t tmp_t
>   '/usr/lib/python2\.(6|7)/site-packages/xyz/paste'
>
> # matchpathcon /usr/lib64/python2.7/site-packages/xyz/paste
> /usr/lib64/python2.7/site-packages/xyz/paste
> system_u:object_r:tmp_t:s0
>
>
> Petr
>

Thanks, where is this equivalency rule defined/documented?