https://bugzilla.suse.com/show_bug.cgi?id=1229732 https://bugzilla.suse.com/show_bug.cgi?id=1229732#c10 --- Comment #10 from Fabian Vogt <fvogt@suse.com> --- (In reply to Thorsten Kukuk from comment #3)

There is one scenario, where only parts of the system get relabeled: systemctl soft-reboot at least on MicroOS, haven't tested Tumbleweed yet.

Problem on MicroOS: - initrd does not get executed, so no relabel of root filesystem - subvolumes get relabeled and remove the relabel trigger

zypp-boot-plugin will report a required hard reboot if selinux-policy gets updated in the future, but that's not very robust, admins can still call "systemctl soft-reboot" themself.

Which is IMO a bigger problem. If "systemctl soft-reboot" unconditionally soft-reboots into the next/default snapshot, it will break in even more cases like kernel updates (modules no longer match) or any of the packages in the exclusion list. We need a general solution here, not just for SELinux autorelabelling. -- You are receiving this mail because: You are on the CC list for the bug.