As I have done a touch /.autorelabel;reboot yesterday. The next suggestion is below. Is it safe to do it. clamd\clamav is used to /home or do I click "ignore" ***** Plugin catchall_labels (23.2 confidence) suggests ******************** If you want to allow clamd to have search access on the selinux directory Then you need to change the label on /selinux Do # semanage fcontext -a -t FILE_TYPE '/selinux' where FILE_TYPE is one of the following: sysctl_crypto_t, samba_var_t, amavis_var_lib_t, avahi_var_run_t, clamd_var_log_t, setrans_var_run_t, net_conf_t, clamd_var_lib_t, clamd_var_run_t, sysctl_t, sysctl_kernel_t, abrt_t, bin_t, nscd_var_run_t, nslcd_var_run_t, clamd_etc_t, lib_t, mnt_t, sssd_var_lib_t, root_t, tmp_t, usr_t, var_t, device_t, etc_t, clamd_tmp_t, amavis_spool_t, proc_t, sysfs_t, var_lib_t, exim_spool_t, textrel_shlib_t, sysctl_t, bin_t, cert_t, clamd_t, tmp_t, rpm_script_tmp_t, usr_t, var_t, winbind_var_run_t, security_t, device_t, devpts_t, locale_t, sssd_public_t, etc_t, proc_t, default_t, etc_mail_t, sosreport_tmp_t, fail2ban_var_lib_t, likewise_var_lib_t, rpm_tmp_t, var_run_t, krb5_conf_t, httpd_sys_content_t, rpm_log_t, var_log_t, var_spool_t, var_lib_t, var_run_t, abrt_var_run_t, var_t, var_log_t, nscd_var_run_t, pcscd_var_run_t, var_t, var_t, cgroup_t, var_run_t, var_run_t, root_t, sysfs_t, tmpfs_t. Then execute: restorecon -v '/selinux' -- Regards, Frank Murphy UTF_8 Encoded Friend of fedoraproject.org -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux
