If you see mislabeling issues as you described above then we can talk about policy bugs in most cases. We have opened issue for the first one - https://github.com/fedora-selinux/selinux-policy/issues/49 The second one is about symlinks. ls -lZ /sys/fs/cgroup/cpu lrwxrwxrwx. 1 root root system_u:object_r:tmpfs_t:s0 11 Dec 7 23:20 /sys/fs/cgroup/cpu -> cpu,cpuacct and if you check a target then you will see correct labels. But we define /sys/fs/cgroup -d gen_context(system_u:object_r:cgroup_t,s0) /sys/fs/cgroup/.* <<none>> in the policy which is used for labeling. Could you please open a new bug for it? Thank you. Regards, Miroslav -- selinux mailing list selinux@xxxxxxxxxxxxxxxxxxxxxxx http://lists.fedoraproject.org/admin/lists/selinux@xxxxxxxxxxxxxxxxxxxxxxx
