CentOS - Jun 2008 - SELinux error message on CentOS 5: "multiple same specifications"

Hi all,

I just installed a CentOS 5 machine from Kickstart. I configure NSS
and PAM to lookup and authenticate users from LDAP with authconfig. On
my LDAP I also have some automount configuration, but I'm not running
automount on this server. SELinux is installed and enforcing.

Whenever I try to install an RPM (and in other occasions during boot)
I see those messages:

# rpm -Uvh ... .rpm
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same
specifications for /usr/local/lost\+found/.*.
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same
specifications for /usr/local/\.journal.
/etc/selinux/targeted/contexts/files/file_contexts: Multiple same
specifications for /usr/local/lost\+found.

The RPM installs fine, I guess those are just warnings. (Actually,
/usr/local is practically empty, and there are no lost+found or
.journal there, so I guess those are really innocuous.)

I dug in deeper and I found out that the source of the problem is most
probably in this file:
/etc/selinux/targeted/contexts/files/file_contexts.homedirs

Among its contents are these lines:

/usr/local/[^/]*/.+     user_u:object_r:user_home_t:s0
/usr/local/[^/]*/.*/plugins/nprhapengine\.so.*  --
user_u:object_r:textrel_shlib_t:s0
/usr/local/[^/]*/.*/plugins/libflashplayer\.so.*        --
user_u:object_r:textrel_shlib_t:s0
/usr/local/[^/]*/((www)|(web)|(public_html))(/.+)?
user_u:object_r:httpd_user_content_t:s0
/usr/local/[^/]*/\.mozilla(/.*)?/plugins/libflashplayer\.so.*   --
 user_u:object_r:textrel_shlib_t:s0
/usr/local/[^/]*        -d      user_u:object_r:user_home_dir_t:s0
/usr/local/lost\+found/.*       <<none>>
/usr/local      -d      system_u:object_r:home_root_t:s0
/usr/local/\.journal    <<none>>
/usr/local/lost\+found  -d      system_u:object_r:lost_found_t:s0

I saw that /home and /root are there, since they are really home
directories. But /usr/local shouldn't be there! And there's a fourth
directory there, which is based on the name of our NFS fileserver:

/colossus/users/[^/]*/.+        user_u:object_r:user_home_t:s0
/colossus/users/[^/]*/.*/plugins/nprhapengine\.so.*     --
user_u:object_r:textrel_shlib_t:s0
/colossus/users/[^/]*/.*/plugins/libflashplayer\.so.*   --
user_u:object_r:textrel_shlib_t:s0
/colossus/users/[^/]*/((www)|(web)|(public_html))(/.+)?
user_u:object_r:httpd_user_content_t:s0
/colossus/users/[^/]*/\.mozilla(/.*)?/plugins/libflashplayer\.so.*
 --      user_u:object_r:textrel_shlib_t:s0
/colossus/users/[^/]*   -d      user_u:object_r:user_home_dir_t:s0
/colossus/users/lost\+found/.*  <<none>>
/colossus/users -d      system_u:object_r:home_root_t:s0
/colossus/users/\.journal       <<none>>
/colossus/users/lost\+found     -d      system_u:object_r:lost_found_t:s0

I tried to edit the file to remove the offending entries, but after I
installed another RPM I saw that the file was regenerated with the
other entries.

So, I would like to know: Where is this coming from? How is this file
being generated? What's the command that generates it? Which command
(semanage?) apart from rpm can I use to reproduce and test the
problem? (In other words, another command that won't install or change
anything on the system but check the integrity of this file.) How can
I tweak or control the way this file is generated?

Thanks a lot!
Filipe

Hi,

For the record, I found and fixed the problem.

I had some users with their home wrongly set on LDAP. One of them had
the home set to /usr/local/whatever and a /bin/sh shell, and another
had /colossus/users/herusername as home. The script "genhomedircon"
(which apparently is run by RPM every time) was generating those bogus
entries.

After fixing the LDAP entries and running "genhomedircon" the problem
got away.

Thanks,
Filipe