How do I set a selinux context on a non-ascii file?

I’m running in permissive mode and wanted to clean up the audit errors on a sever.

I was told to run this command:

semanage fcontext -a -t samba_share_t '/shared/TimeMachineAlex2/Alexander’s.MacBook.Air.sparsebundle'
/sbin/setfiles: /var/lib/selinux/final/targeted/contexts/files/file_contexts.local:  line 6 error due to: Non-ASCII characters found

And checking file_context.local line 6 it’s this:

/shared/TimeMachineAlex2/Alexander’s.MacBook.Air.sparsebundle    system_u:object_r:samba_share_t:s0

My locale is en_GB.UTF-8.

How can I fix the error without renaming the file?

I think those file paths are interpreted as regular expressions. If so, you could probably replace that Unicode apostrophe with a period (.) and that should match any character at that place in the filename.

I’m not sure that a period will do what you want. Unless there’ve been some big changes, a question mark (?) is used to represent one character in a string. If a period doesn’t work, try that instead.

Maybe I’m looking at the wrong thing? It looks to me like . is the wildcard character. * means “zero or more”, + means “one or more”, and ? means “zero or one”.

$ head /etc/selinux/targeted/contexts/files/file_contexts
/.*	system_u:object_r:default_t:s0
/[^/]+	--	system_u:object_r:etc_runtime_t:s0
/a?quota\.(user|group)	--	system_u:object_r:quota_db_t:s0
/efi(/.*)?	system_u:object_r:boot_t:s0
/nsr(/.*)?	system_u:object_r:var_t:s0
/sys(/.*)?	system_u:object_r:sysfs_t:s0
/xen(/.*)?	system_u:object_r:xen_image_t:s0
/mnt(/[^/]*)?	-d	system_u:object_r:mnt_t:s0
/mnt(/[^/]*)?	-l	system_u:object_r:mnt_t:s0
/dev/.*	system_u:object_r:device_t:s0

You are probably thinking of Bash glob chars. These are SELinux rules.

semanage fcontext requires a FILE_SPEC. From man semanage-fcontext.8:

FILE_SPEC may contain either a fully qualified
path, or a Perl compatible regular expression
(PCRE), describing fully qualified path(s).
The only PCRE flag in use is PCRE2_DOTALL,
which causes a wildcard ‘.’ to match anything,
including a new line. Strings representing
paths are processed as bytes (as opposed to
Unicode), meaning that non-ASCII characters
are not matched by a single wildcard.

You may need more than one . to match a non-ASCII glyph.

Note that ‘.’ would represent only one char, while unicode uses multichar representation:

$ sudo semanage fcontext -a -t user_home_t /tmp/abc.efg

$ matchpathcon /tmp/abcžefg
/tmp/abcžefg <<none>>

The workaround would be to use ‘.*’:

$ sudo semanage fcontext -a -t user_home_t '/tmp/abc.*efg'

$ matchpathcon /tmp/abcžefg
/tmp/abcžefg system_u:object_r:user_home_t:s0

For future, there’s a patch available which would add support for utf8, see 2427550 – /sbin/setfiles: /var/lib/selinux/final/targeted/contexts/files/file_contexts.local: line 4 error due to: Non-ASCII characters found → Making sure you're not a bot!

Thats glob (aka shell) vs. regex syntax you are suggesting.
It seems it is regex.

I wonder if I can use \xNN? Will have to try that in a bit.

But you .+ suggestion worked.

Good to know.