After updating selinux userland and running rlpkg -a -r -v (the -v is important as the warning is dropped otherwise) I get a bunch of warnings about setfiles to being able to find a default label for a bunch of files: /usr/sbin/setfiles: Warning no default label for /var/spool/cron/lastrun/.keep_sys-process_cronbase-0 /usr/sbin/setfiles: Warning no default label for /var/spool/cron/lastrun/cron.monthly /usr/sbin/setfiles: Warning no default label for /var/spool/cron/lastrun/cron.weekly /usr/sbin/setfiles: Warning no default label for /var/spool/cron/lastrun/cron.daily /usr/sbin/setfiles: Warning no default label for /var/spool/cron/lastrun/cron.hourly /usr/sbin/setfiles: Warning no default label for /var/spool/cron/.keep_sys-process_cronbase-0 /usr/sbin/setfiles: Warning no default label for /var/spool/cron/crontabs/.keep_sys-process_vixie-cron-0 /usr/sbin/setfiles: Warning no default label for /var/tmp/.keep /usr/sbin/setfiles: Warning no default label for /var/tmp/kdecache-kdm /usr/sbin/setfiles: Warning no default label for /var/tmp/kdecache-kdm/icon-cache.kcache The list is much longer though for me all such warnings are about files in /var/<some subdirectory>. My /var is part of my root and other parts of var get their labels correctly. matchpathcon gives: matchpathcon /var/spool/cron/.keep_sys-process_cronbase-0 /var/spool/cron/.keep_sys-process_cronbase-0 <<none>> Reproducible: Always
I also see this, however this may be correct behaviour considering that they seem to be set explicitly in the policy to be <<none>> for example from cron.fc /var/spool/cron/lastrun -d gen_context(system_u:object_r:crond_tmp_t,s0) /var/spool/cron/lastrun/[^/]* -- <<none>>
That's correct; the new utilities might be more strict, or the warnings weren't as obvious in the past. Normally, when they are defined with <<none>>, the contexts remain as-is (portage_tmp_t?)
I'm going to mark this as INVALID, the method is working as designed (if the target file is marked as <<none>>).
