How to make SELinux file context permanent?

Ivan Gyurdiev ivg2 at
Mon Apr 3 23:52:45 UTC 2006

Ignacio Vazquez-Abrams wrote:
> On Mon, 2006-04-03 at 23:30 +0200, Gérard Milmeister wrote:
>> I have two packages, gcl and ecl, lisp compilers, that
>> need a context change of some binaries from
>>   system_u:object_r:lib_t
>> to
>>   system_u:object_r:textrel_shlib_t
>> These files reside in subdirectories of /usr/lib. Is it
>> possible to set context during RPM creation?
>> In any case, the changes are not permament, because after
>> a relabeling (or restorecon) of the filesystem, the context
>> reverts to the default.
>> What is the least painless way to do this correctly?
Ask upstream why text relocations are needed. Refer to this URL:

If text relocations are not needed, upstream should fix the package.
If text relocations are needed, file a bug against policy.
> In FC5 it's to create a policy module and load it during %post. 
Creating a policy module should not be necessary - you can use the 
semanage command with the fcontext option to add file context 
specification to the local config. However, adding a workaround is *not* 
the correct solution.

More information about the fedora-extras-list mailing list