Description of problem:
This is on Fedora *Silverblue* 30:

$ ls -dZ1 /usr/bin /usr/sbin /usr/local/bin /usr/local/sbin
system_u:object_r:bin_t:s0 /usr/bin
system_u:object_r:bin_t:s0 /usr/local/bin
system_u:object_r:var_t:s0 /usr/local/sbin
system_u:object_r:bin_t:s0 /usr/sbin

Version-Release number of selected component (if applicable):
selinux-policy-3.14.3-43.fc30.noarch

Maybe the code below needs an edit to match sbin too?
https://github.com/fedora-selinux/selinux-policy/blob/31853b934f18cbeac268e2c891866308ad36b01a/policy/modules/kernel/corecommands.fc#L498

Good catch! Added fixes to Rawhide and F30.

commit 61f2def74a34d71d8089e817556b41e49bb5d46d (HEAD -> rawhide)
Author: Lukas Vrabec <lvrabec>
Date:   Mon Aug 12 10:51:20 2019 +0200

    Label '/var/usrlocal/(.*/)?sbin(/.*)?' as bin_t

    In Atomic /usr/local is a soft symlink to /var/usrlocal, so the default
    policy to apply bin_t on /usr/local/sbin doesn't work and binaries dumped
    here get mislabeled as var_t.
    BZ(1739783)

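The mismatch the commit message describes, as an added example that is not part of the bug report or of the selinux-policy project: a simplified Python model of file-context lookup (resolve the symlink, full-match each regex, prefer the longest literal stem). The rule table is a constructed subset, the pre-existing `/var/usrlocal/(.*/)?bin(/.*)?` rule is an assumption, and real libselinux ordering is more involved than this stem comparison.

```python
import re

# Constructed, simplified subset of file-context rules (not the real policy file).
BASE_RULES = [
    (r"/var(/.*)?", "var_t"),
    (r"/usr/(.*/)?bin(/.*)?", "bin_t"),
    (r"/usr/(.*/)?sbin(/.*)?", "bin_t"),
    (r"/var/usrlocal/(.*/)?bin(/.*)?", "bin_t"),  # assumed pre-existing rule
]
# Pattern taken from the commit message above.
FIXED_RULES = BASE_RULES + [(r"/var/usrlocal/(.*/)?sbin(/.*)?", "bin_t")]

# Layout from the commit message: /usr/local is a symlink to /var/usrlocal.
SYMLINKS = {"/usr/local": "/var/usrlocal"}
# ls -dZ1 output quoted from the report.
LS_OUTPUT = """\
system_u:object_r:bin_t:s0 /usr/bin
system_u:object_r:bin_t:s0 /usr/local/bin
system_u:object_r:var_t:s0 /usr/local/sbin
system_u:object_r:bin_t:s0 /usr/sbin
"""

def resolve(path):
    """Rewrite a path under a symlinked directory to its real location."""
    for link, target in SYMLINKS.items():
        if path == link or path.startswith(link + "/"):
            return target + path[len(link):]
    return path

def stem_len(pattern):
    """Length of the literal prefix before the first regex metacharacter."""
    m = re.search(r"[.^$?*+|\[({]", pattern)
    return m.start() if m else len(pattern)

def lookup(path, rules):
    """Type of the most specific rule that fully matches the resolved path."""
    real = resolve(path)
    hits = [(stem_len(p), t) for p, t in rules if re.fullmatch(p, real)]
    return max(hits, key=lambda h: h[0])[1] if hits else None

def mislabeled(ls_output, rules):
    """(path, actual, expected) for entries whose type differs from the rules."""
    out = []
    for line in ls_output.splitlines():
        context, path = line.split(None, 1)
        actual, expected = context.split(":")[2], lookup(path, rules)
        if actual != expected:
            out.append((path, actual, expected))
    return out
```

Under `BASE_RULES` the reported `var_t` on `/usr/local/sbin` is exactly what the rules yield, so `mislabeled` returns nothing; under `FIXED_RULES` the same directory is reported as differing from the expected `bin_t`.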
FEDORA-2019-be14ea0375 has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2019-be14ea0375
selinux-policy-3.14.3-45.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2019-be14ea0375
selinux-policy-3.14.3-45.fc30 has been pushed to the Fedora 30 stable repository. If problems still persist, please make note of it in this bug report.