Description of problem: With firefox when starting the browser for the first time the configuration directory is created with correct SELinux labels: $ rm -rf ~/.mozilla $ firefox $ restorecon -Rv ~/.mozilla $ But with chromium the files get relabeled: $ rm -rf ~/.cache/chromium ~/.config/chromium $ chromium-browser [7517:7517:0419/080842.293745:ERROR:chrome_browser_cloud_management_controller.cc(162)] Cloud management controller initialization aborted as CBCM is not enabled. MESA-INTEL: warning: Performance support disabled, consider sysctl dev.i915.perf_stream_paranoid=0 [7555:7555:0419/080842.322254:ERROR:gpu_init.cc(525)] Passthrough is not supported, GL is egl, ANGLE is $ restorecon -Rv ~/.cache/chromium ~/.config/chromium | wc -l 283 It looks like chromium and selinux-policy are not fully in sync on which labels should be used. Thanks. Version-Release number of selected component (if applicable): chromium-112.0.5615.121-2.el9.x86_64 selinux-policy-targeted-34.1.43-1.el9_1.2.noarch
I've submitted a PR to address the issue in Fedora: https://github.com/fedora-selinux/selinux-policy/pull/1679 It will be a part of the next F38 and rawhide builds.
The same issue is reproducible on RHEL-8.9 and was filed as BZ#2221573.
https://github.com/fedora-selinux/selinux-policy/pull/1785/files