Until a few days ago, my Fedora 29 Atomic host was working perfectly with SELinux enforced. The server is only a few week old with nothing fancy yet set or installed. I changed recently my user (gabx) context from the default unconfined to sysadmn_u and ran restorecon. Here is what I did: Fresh after install: -------------------------------------------------- # semanage login -l Login Name SELinux User MLS/MCS Range __default__ unconfined_u s0-s0:c0.c1023 root unconfined_u s0-s0:c0.c1023 gabx unconfined_u s0-s0:c0.c1023 -------------------------------- Then: # semanage login -m -s sysadm_u --range s0-s0.c0.c1023 # semanage login -l gabx sysadm_u s0-s0:c0.c1023 * # restorecon -RF /hone/gabx # ls -alZ /home/gabx drwxrwxr-x. 5 gabx gabx sysadm_u:object_r:config_home_t:s0 61 Aug 17 14:42 .config/ drwxrwxr-x. 2 gabx gabx sysadm_u:object_r:user_home_t:s0 6 Aug 21 14:09 hugo/ .... # vim /etc/sudoers.d/gabx gabx ALL=(ALL) TYPE=sysadm_t ROLE=sysadm_r /bin/sh This change may be the root of the problem. I ran a few a certbot-letsencrypt container which changed a few files contexts (container_t): maybe did it broke a few things? I can't load modules. With the help of ausearch and journalctl, I can identify SELinux messages, I can write a *myapp.pp* module. But then: ----------------------------------- # semodule -i myapp.pp semodule: Failed on myapp.pp! -------------------------------