[Bug 1228849] [SELinux] various AVC denials related to libvirt
https://bugzilla.suse.com/show_bug.cgi?id=1228849 https://bugzilla.suse.com/show_bug.cgi?id=1228849#c35

--- Comment #35 from pallas wept <pallaswept@proton.me> ---

The documentation for podman (https://www.mankier.com/5/containers-storage.conf#Selinux_Labeling) includes handling for this issue when changing the location for containers. TL;DR: it's an equivalence, like my previous post here. Subsequently, all new container storage is created with correct labelling.

Likewise, I recently found that the libvirt tools also set the labels when the user/admin creates new storage pools (e.g. in virt-manager). I came across this issue only because this system was migrated from AppArmor to SELinux - had it been running SELinux all along, the labels would already be correct.

So, for the two biggest candidates, if they've taken it upon their tools to handle this, then obviously it will be the same for other software, such as user directories like downloads or caches. So that means xdg-user-dirs, plus a zillion other apps with caches. Not really something that's viable to fix... But if this system were running SELinux before I moved those directories, then they would have been correctly labelled already.

So that's my takeaway from all of this: if this system had been running SELinux from day 1, all of these problems would have been either documented, avoided, or accounted for. It's only because I was running AppArmor and then switched that I had problems, even with my extra configuration. Accordingly, I guess these problems could be considered a part of the migration process.

Rather than confuse matters in the migration doc, and since this isn't *strictly* migration-specific (one *could* hit similar problems in normal use), I have added this to the docs at https://en.opensuse.org/Portal:SELinux/Common_issues#Non-standard_file_locat... I hope that's OK; I'm not sure if I'm supposed to edit those pages or not.
I just wanted to close this with as little fuss as possible :D If you read this, thanks again Cathy. -- You are receiving this mail because: You are on the CC list for the bug.
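The comment above relies on SELinux file-context equivalence rules (the `semanage fcontext -a -e SOURCE TARGET` mechanism documented for podman and used for libvirt storage pools) to get correct labels on directories that live outside their stock paths. The following is an added example, not code from the bug report, the commenter, podman or libvirt: it parses rules in the shape of a `file_contexts.subs` file, shows which standard path a relocated path resolves to for labelling (including the component-boundary edge case where `/srv/x-old` must not be treated as `/srv/x`), and emits the `semanage`/`restorecon` commands that would install such a rule. The `/srv/...` directories and the sample rules are constructed for illustration, and the longest-prefix tie-break for overlapping rules is this example's own choice, not a description of libselinux internals.

```python
"""
Model of SELinux file-context equivalence ("substitution") rules, as installed by
`semanage fcontext -a -e SOURCE TARGET`. Added example; not part of the bug
report, podman or libvirt.
"""
from __future__ import annotations

import shlex
from typing import List, Optional, Tuple

# Constructed sample in the shape of /etc/selinux/targeted/contexts/files/
# file_contexts.subs: one "<actual_prefix> <standard_prefix>" pair per line,
# lines starting with '#' are comments. The /srv paths are hypothetical.
SAMPLE_SUBS = """\
# relocated podman storage, labelled as if it were the stock path
/srv/containers/storage /var/lib/containers/storage
# relocated libvirt image pool
/srv/vm-images /var/lib/libvirt/images
"""


def _normalize(path: str) -> str:
    """Strip a trailing slash so '/srv/x/' and '/srv/x' compare equal."""
    return path.rstrip("/") or "/"


def parse_subs(text: str) -> List[Tuple[str, str]]:
    """Parse subs rules into (actual_prefix, standard_prefix) pairs.

    Blank and '#' lines are skipped; a malformed line raises so a typo in a
    hand-edited file is noticed instead of silently dropping the rule.
    """
    rules: List[Tuple[str, str]] = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) != 2:
            raise ValueError(f"line {lineno}: expected two paths, got {raw!r}")
        rules.append((_normalize(fields[0]), _normalize(fields[1])))
    return rules


def _prefix_matches(path: str, prefix: str) -> bool:
    """True when `prefix` covers `path` on a path-component boundary.

    '/srv/containers/storage' must match '/srv/containers/storage/overlay' but
    not '/srv/containers/storage-old', so the next character after the prefix
    has to be '/' or end of string.
    """
    if not path.startswith(prefix):
        return False
    rest = path[len(prefix):]
    return rest == "" or rest.startswith("/")


def substitute(path: str, rules: List[Tuple[str, str]]) -> str:
    """Return the path that file-context lookup should be performed against.

    If several rules cover the path, the most specific (longest) prefix wins.
    That tie-break is this example's own choice, not a statement about how
    libselinux orders its list, so keep real rules non-overlapping.
    """
    path = _normalize(path)
    best: Optional[Tuple[str, str]] = None
    for actual, standard in rules:
        if _prefix_matches(path, actual) and (best is None or len(actual) > len(best[0])):
            best = (actual, standard)
    if best is None:
        return path
    actual, standard = best
    return standard + path[len(actual):]


def equivalence_commands(new_path: str, standard_path: str) -> List[str]:
    """Commands that install an equivalence and relabel the relocated tree.

    Argument order follows semanage(8): -e takes the SOURCE (the stock path
    whose labelling is copied) and then the TARGET (the relocated directory).
    """
    new_path, standard_path = _normalize(new_path), _normalize(standard_path)
    return [
        f"semanage fcontext -a -e {shlex.quote(standard_path)} {shlex.quote(new_path)}",
        f"restorecon -R -v {shlex.quote(new_path)}",
    ]


if __name__ == "__main__":
    rules = parse_subs(SAMPLE_SUBS)
    for p in ("/srv/containers/storage/overlay/abc", "/srv/containers/storage-old",
              "/srv/vm-images/", "/home/user/.local/share/containers"):
        print(f"{p:45} -> {substitute(p, rules)}")
    for actual, standard in rules:
        print("\n".join(equivalence_commands(actual, standard)))
```

Run it as-is to see the resolution table and the commands for the two sample rules; to use the command generator on a real system, replace the constructed `/srv` paths with the directory you actually relocated, and note that `restorecon` is what fixes files that already existed before the rule was added, which is exactly the post-migration situation the comment describes.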