https://fedorahosted.org/pipermail/cobbler-devel/2011-March/001950.html
I have been told that snippet discussed above is executed by anaconda.
Allow anaconda to run setfiles (restorecon) in the setfiles_t domain
so that it is allowed to restore contexts of all files even if the
unconfined module is disabled.
Signed-off-by: Dominick Grift <domg472(a)gmail.com>
---
:100644 100644 dd1522d... e2df760... M policy/modules/admin/anaconda.te
policy/modules/admin/anaconda.te | 1 +
1 files changed, 1 insertions(+), 0 deletions(-)
diff --git a/policy/modules/admin/anaconda.te b/policy/modules/admin/anaconda.te
index dd1522d..e2df760 100644
--- a/policy/modules/admin/anaconda.te
+++ b/policy/modules/admin/anaconda.te
@@ -27,6 +27,7 @@ libs_domtrans_ldconfig(anaconda_t)
logging_send_syslog_msg(anaconda_t)
seutil_domtrans_semanage(anaconda_t)
+seutil_domtrans_setfiles(anaconda_t)
seutil_domtrans_setsebool(anaconda_t)
userdom_user_home_dir_filetrans_user_home_content(anaconda_t, { dir file lnk_file
fifo_file sock_file })
--
1.7.4