Description of problem: I noticed that my /etc/shorewall dir & files were listed with shorewall_etc_t, but /etc/shorewall6 got plain etc_t. I'd think they should be the same. Version-Release number of selected component (if applicable): selinux-policy-targeted-3.14.1-40.fc28.noarch, but I also found the same '/etc/shorewall(/.*)? system_u:object_r:shorewall_etc_t:s0' line in rawhide, F27, CentOS 6 & 7. Not CentOS 5, at least, which doesn't even seem to have a shorewall_etc_t at all, not that it matters at this point. How reproducible: consistently Steps to Reproduce: 1. dnf install selinux-policy-targeted shorewall shorewall6 2. ls -lZa /etc/shorewall* Actual results: /etc/shorewall & contents have shorewall_etc_t, /etc/shorewall6 & contents have just etc_t. Expected results: /etc/shorewall & /etc/shorewall6 and their contents have shorewall_etc_t. Additional info: All versions have the same line in /etc/selinux/targeted/contexts/files/file_contexts: /etc/shorewall(/.*)? system_u:object_r:shorewall_etc_t:s0 It should be as simple as making that 'shorewall6?(/.*)?'. It looks like most of the rest of the contexts allow for shorewall6, except maybe the shorewall6-lite ones. I've never installed shorewall6?-lite, either one, so I don't know just what files it might need the contexts for. '/etc/shorewall-lite(/.*)?', '/sbin/shorewall-lite', '/usr/sbin/shorewall-lite', '/var/lib/shorewall-lite(/.*)?' look like they could use the same treatment. If this filters down to the CentOS 6 release, there's also '/etc/rc\.d/init\.d/shorewall-lite' & '/etc/rc\.d/init\.d/shorewall', but not for shorewall6. Ironically, CentOS 7 uses systemd, but has '/etc/rc\.d/init\.d/shorewall.*' which would cover all of these.
Yep, you're right. Will be fixed in next version of selinux-policy. Thanks, Lukas.
selinux-policy-3.14.1-42.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-2d1b09d217
selinux-policy-3.14.1-42.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-2d1b09d217
selinux-policy-3.14.1-42.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.