Description of problem:
I noticed that my /etc/shorewall dir & files were listed with shorewall_etc_t, but /etc/shorewall6 got plain etc_t. I'd think they should be the same.
Version-Release number of selected component (if applicable):
selinux-policy-targeted-3.14.1-40.fc28.noarch, but I also found the same '/etc/shorewall(/.*)? system_u:object_r:shorewall_etc_t:s0' line in rawhide, F27, CentOS 6 & 7. Not CentOS 5, at least, which doesn't even seem to have a shorewall_etc_t at all, not that it matters at this point.
Steps to Reproduce:
1. dnf install selinux-policy-targeted shorewall shorewall6
2. ls -lZa /etc/shorewall*
/etc/shorewall & contents have shorewall_etc_t, /etc/shorewall6 & contents have just etc_t.
/etc/shorewall & /etc/shorewall6 and their contents have shorewall_etc_t.
All versions have the same line in /etc/selinux/targeted/contexts/files/file_contexts:
It should be as simple as making that 'shorewall6?(/.*)?'.
It looks like most of the rest of the contexts allow for shorewall6, except maybe the shorewall6-lite ones. I've never installed shorewall6?-lite, either one, so I don't know just what files it might need the contexts for. '/etc/shorewall-lite(/.*)?', '/sbin/shorewall-lite', '/usr/sbin/shorewall-lite', '/var/lib/shorewall-lite(/.*)?' look like they could use the same treatment.
If this filters down to the CentOS 6 release, there's also '/etc/rc\.d/init\.d/shorewall-lite' & '/etc/rc\.d/init\.d/shorewall', but not for shorewall6. Ironically, CentOS 7 uses systemd, but has '/etc/rc\.d/init\.d/shorewall.*' which would cover all of these.
Yep, you're right.
Will be fixed in next version of selinux-policy.
selinux-policy-3.14.1-42.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-2d1b09d217
selinux-policy-3.14.1-42.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-2d1b09d217
selinux-policy-3.14.1-42.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.