I know ls in rawhide exposes the contexts via -Z but I haven't poked around with nautilus to see if security context information is exposed there. And of course having nautilus be able to run the restorecon via a right click menu entry on a directory or file is going to be needed for smooth operation for a segment of the userbase.
And are there any tools aimed at helping users figure out what file security context settings are needed for specific service/daemons?
Also, does find have facilities to match security contexts? It's a common tool for finding violations of other policies, like rogue suid binaries.
