I must be missing something in my understanding of selinux but I'm having problem where the root user can not change the selinux type of a directory.  I am running in targeted mode.

I was experimenting and changed the type of /tmp/bah to "unconfined_t".   I am now unable to either delete the directory or to change the type back to "tmp_t "

chcon -R -t tmp_t /tmp/bah/

Results in:

chcon: failed to change context of `/tmp/bah/' to `unconfined_u:object_r:tmp_t:s0': Permission denied

Audit2allow is suggesting "allow unconfined_t self:dir relabelfrom;"  but I don't want to apply that because it seems that would allow all unconfined files/processes to relabel themselves, is that correct?

Thanks for any tips.


Notice of Confidentiality: The information transmitted is intended only for the
person or entity to which it is addressed and may contain confidential and/or
privileged material. Any review, re-transmission, dissemination or other use of
or taking of any action in reliance upon this information by persons or entities
other than the intended recipient is prohibited. If you received this in error
please contact the sender immediately by return electronic transmission and then
immediately delete this transmission including all attachments without copying,
distributing or disclosing the same.