selinux June 2013 archive
Main Archive Page > Month Archives  > selinux archives
selinux: Re: pcre 8.33 changes restorecon behavior

Re: pcre 8.33 changes restorecon behavior

From: Stephen Smalley <sds_at_nospam>
Date: Mon Jun 24 2013 - 12:50:51 GMT
To: Sven Vermeulen <>

On 06/22/2013 12:17 PM, Sven Vermeulen wrote:
> Hi guys
> Since libpcre 8.33, the behavior of restorecon is different. Take the
> context for /sbin for instance:
> Before libpcre 8.33:
> # matchpathcon /sbin
> /sbin system_u:object_r:bin_t:s0
> With and after libpcre 8.33:
> # matchpathcon /sbin
> /sbin <<none>>
> As a result, trying to reset the label fails:
> # restorecon -Fv /sbin
> restorecon: Warning no default label for /sbin
> Is this a bug in libpcre or are we using it differently? According to
> Alphat-PC, it is due to rev 1313 of libpcre:
> Thanks to Alphat-PC for reporting and debugging it at

Looks to me as if the compiled regex format changed. So that would be a
problem for previously compiled regexes cached in the .bin files under
/etc/selinux/$SELINUXTYPE/contexts/files. You would need to re-run
sefcontext_compile to regenerate them or delete them and fall back to
loading from the source configurations.

Not sure if there is a way to automatically detect the change in format
and handle the conversion on the libselinux side.

-- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to with the words "unsubscribe selinux" without quotes as the message.