Bug 2440594 - Incorrect context on /var/opt [regression]
Summary: Incorrect context on /var/opt [regression]
Keywords:
Status: ASSIGNED
Alias: None
Product: Fedora
Classification: Fedora
Component: selinux-policy
Version: 43
Hardware: Unspecified
OS: Unspecified
medium
unspecified
Target Milestone: ---
Assignee: Zdenek Pytela
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2026-02-18 13:50 UTC by Pierre Ossman
Modified: 2026-03-16 10:13 UTC (History)
7 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Type: Bug
Embargoed:
zpytela: mirror+


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker FC-3295 0 None None None 2026-03-05 17:03:22 UTC

Description Pierre Ossman 2026-02-18 13:50:23 UTC
Description of problem:
Files and directories under /var/opt have the wrong context, blocking access and breaking applications.

Version-Release number of selected component (if applicable):
selinux-policy-42.24-1.fc43.noarch

How reproducible:
100%

Steps to Reproduce:
1. ls -Zd /var/opt

Actual results:
> system_u:object_r:usr_t:s0 /var/opt

Expected results:
> system_u:object_r:var_t:s0 /var/opt

Additional info:
This is a regression caused here:

https://github.com/fedora-selinux/selinux-policy/pull/2917

Upstream bug report:

https://github.com/fedora-selinux/selinux-policy/issues/2960

This is breaking third-party software that uses the "opt" namespaces.

No known workaround except reverting the above PR.

Comment 1 Pierre Ossman 2026-03-16 10:13:36 UTC
Any idea on a timeline for a fix here? Do we need to start looking at more permanent workarounds for software that uses /var/opt?

The bug has unfortunately propagated to SLES 16, so this is hitting enterprise users now. I'm worried it will show up in RHEL as well soon.


Note You need to log in before you can comment on or make changes to this bug.