> Is that a necessary thing to do after installing a new module? My
> understanding is that relabelling only corrects the SELinux file
> attributes on every file on the system, so why would I need to do the
> relabelling when I have just installed a new policy?
>
> Also, if my assumption is correct then why would I need to have a
> running SELinux to do that? It is a great inconvenience and a real pain
> for scenarios I described in my previous posts!
>
Good points. I think you might indeed be able to run restorecon or
fixfiles/setfiles in %post, but I am not sure.
I would suggest you try it.

I definitely will, though I am encouraged that I may not need to do the
relabelling after all as I have just run a freshly built image with
SELinux=Enforced and without shorewall/ipset installed (so that they
don't create unnecessary problems) through qemu and it ran happily - no
problems. Will see how it goes in practice, fingers crossed.

Otherwise wait a day when the professionals can reply to your query.

Haha! No worries, I am glad there are still people left in the community
willing to give you a hand when needed (besides, there is no guarantee
that these 'professionals' as you put it would be able to help out -
I've run across all sorts in my career).