I used semanage fcontext + restorecon, and then (still) suffered an AVC denial executing the file.
This is not my complaint, I clearly don't understand selinux enough to implement any workaround more subtle than disabling selinux,
The problem detected is that setroubleshootd suggests the most likely fix is to run restorecon -v on the file. That was part of how I caused the problem, and of course re-running it does nothing to help.
The plugin actually knows what label "should" be re-applied. So it could easily see that something more is wrong. (Just run the equivalent of restorecon -nv).
I used
semanage fcontext+restorecon, and then (still) suffered an AVC denial executing the file.This is not my complaint, I clearly don't understand selinux enough to implement any workaround more subtle than disabling selinux,
The problem detected is that setroubleshootd suggests the most likely fix is to run
restorecon -von the file. That was part of how I caused the problem, and of course re-running it does nothing to help.The plugin actually knows what label "should" be re-applied. So it could easily see that something more is wrong. (Just run the equivalent of
restorecon -nv).For more information see https://bugzilla.redhat.com/show_bug.cgi?id=1427142