Resending since I sent the previous message directly to Chris.... Sorry about that... On 09/01/15 11:10, Chris Murphy wrote: > After a clean install of F23 server from netinstall media, running > restorecon I get a pile of changed files. Why aren't they correct to > begin with? > > Examples: > > > restorecon reset > /usr/lib/modules/4.2.0-0.rc8.git0.1.fc23.i686/modules.symbols context > system_u:object_r:modules_object_t:s0->system_u:object_r:modules_dep_t:s0 > > restorecon reset /boot/System.map-4.2.0-0.rc8.git0.1.fc23.i686 context > system_u:object_r:modules_object_t:s0->system_u:object_r:system_map_t:s0 > > restorecon reset /boot/vmlinuz-4.2.0-0.rc8.git0.1.fc23.i686 context > system_u:object_r:modules_object_t:s0->system_u:object_r:boot_t:s0 > > restorecon reset /var/lib/os-prober/labels context > unconfined_u:object_r:user_tmp_t:s0->unconfined_u:object_r:bootloader_var_lib_t:s0 > > restorecon reset /var/log/dnf.log context > system_u:object_r:rpm_log_t:s0->system_u:object_r:var_log_t:s0 > > restorecon reset > /var/cache/dnf/updates-testing-200adbd074da487f/repodata/repomd.xml > context system_u:object_r:rpm_tmp_t:s0->system_u:object_r:rpm_var_cache_t:s0 > > > So I asked about it on the test@ list and AdamW says it's the same > with Fedora 22, so it's not a new thing. > > Is this a bug with the originated package setting the label wrongly? > Does it make sense to RFE anaconda to run restorecon as part of > post-install scripts? > > My investigation has shown that if you run.... restorecon -v -R /usr/lib/modules to restore the context and then run depmod the context will again be "wrong". -- It seems most people that say they are "done talking about it" never really are until given the last word. -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/selinux