voxpupuli/puppet-selinux

No autorelabel when enabling SELinux

Closed this issue · 0 comments

This is for documentation purposes; I have a PR for it.

Affected Puppet, Ruby, OS and module versions/distributions

  • Puppet: 6.10.1
  • Ruby: 2.5.7
  • Distribution: Debian 10
  • Module version: 3.0.0

How to reproduce (e.g. Puppet code you use)

On a system with SELinux disabled, create a new file covered by a fcontext rule (for example, /root/test).

Apply:

class { 'selinux': mode => 'permissive' }

Reboot and ls -Z the file.

What are you seeing

The file is unlabeled_t.

What behaviour did you expect instead

The file should have a type, such as user_home_t.

Any additional information you'd like to impart

The /.autorelabel file this module creates should be present, but empty. Otherwise the call to fixfiles on boot fails because of invalid arguments.
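The two conditions described in this issue can be checked with a short shell helper. This is an added example, not part of the original report or of the module's code; the function names are hypothetical, and it assumes `ls -Z` prints the context followed by the path.

```shell
#!/bin/sh
# Added example: check the relabel flag file and look for unlabeled files.
# All function names are hypothetical, not part of puppet-selinux.

# Classify the flag file under a root directory (default: /).
# Prints: missing | empty | nonempty
# The issue states the file should be present but empty.
autorelabel_state() {
    flag="${1:-}/.autorelabel"
    if [ ! -e "$flag" ]; then
        echo missing
    elif [ -s "$flag" ]; then
        echo nonempty
    else
        echo empty
    fi
}

# Read "context path" lines (assumed `ls -Z` format) on stdin and print
# the paths whose SELinux type, the third context field, is unlabeled_t.
# A "?" context (SELinux disabled) has no type field and is skipped.
unlabeled_paths() {
    awk '{
        n = split($1, ctx, ":")
        if (n >= 3 && ctx[3] == "unlabeled_t") {
            sub(/^[^ ]+ +/, "")   # drop the context, keep the full path
            print
        }
    }'
}

# Constructed sample of `ls -Z` output, not taken from the issue.
sample_ls_z() {
    cat <<'EOF'
system_u:object_r:unlabeled_t:s0 /root/test
unconfined_u:object_r:user_home_t:s0 /root/other
? /root/no-selinux
EOF
}

# Report on the running host: flag state, then unlabeled paths among the arguments.
check_host() {
    echo "/.autorelabel: $(autorelabel_state)"
    if [ "$#" -gt 0 ]; then ls -dZ -- "$@" | unlabeled_paths; fi
    return 0
}
```

Run `check_host /root/test` after applying the class and again after the reboot; a `nonempty` flag before the reboot or any path printed afterwards matches the behaviour reported here.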