For some reason restorecon and setfiles have different notions of what context certain files should be. For example:

# ls -Z /usr/lib/libz.*
-rwxr-xr-x+ root root system_u:object_r:lib_t /usr/lib/libz.a
lrwxrwxrwx+ root root system_u:object_r:lib_t /usr/lib/libz.so -> libz.so.1.2.1.1
lrwxrwxrwx root root system_u:object_r:lib_t /usr/lib/libz.so.1 -> libz.so.1.2.1.1
-rwxr-xr-x root root system_u:object_r:shlib_t /usr/lib/libz.so.1.2.1.1

# restorecon -v /usr/lib/libz.*
restorecon set context /usr/lib/libz.so->system_u:object_r:shlib_t
restorecon set context /usr/lib/libz.so.1->system_u:object_r:shlib_t

# setfiles -v /etc/security/selinux/file_contexts /usr/lib/libz.*
setfiles: read 1450 specifications
setfiles: labeling files under /usr/lib/libz.a
setfiles: hash table stats: 1 elements, 1/65536 buckets used, longest chain length 1
setfiles: labeling files under /usr/lib/libz.so
setfiles: relabeling /usr/lib/libz.so from system_u:object_r:shlib_t to system_u:object_r:lib_t
setfiles: hash table stats: 1 elements, 1/65536 buckets used, longest chain length 1
setfiles: labeling files under /usr/lib/libz.so.1
setfiles: relabeling /usr/lib/libz.so.1 from system_u:object_r:shlib_t to system_u:object_r:lib_t
setfiles: hash table stats: 1 elements, 1/65536 buckets used, longest chain length 1
setfiles: labeling files under /usr/lib/libz.so.1.2.1.1
setfiles: hash table stats: 1 elements, 1/65536 buckets used, longest chain length 1
setfiles: Done.

So, restorecon thinks that *.so files should be shlib_t, whereas setfiles thinks they should be lib_t. Which one is right and why do they disagree? I thought that they both get their context info from the same place.

This is with policy-1.11.3-5 and policycoreutils-1.11-4.

gary