My big error on SELinux

I have been fighting a lot to be able to configure a service and not disable SELinux.
Looking around, I found a bad post and, silly me, I did:

$ sudo semanage fcontext -a -t rsync_data_t '/boot(/.*)?'
$ sudo semanage fcontext -a -t rsync_data_t '/etc(/.*)?'
$ sudo semanage fcontext -a -t rsync_data_t '/home/myuser(/.*)?'
$ sudo restorecon -Rv '/boot'
$ sudo restorecon -Rv '/etc'
$ sudo restorecon -Rv '/home/myuser'
$ sudo setsebool -P rsync_client on

I am now booting with SELinux disabled.

I guess there is no way to restore the original selinux values on /boot, /home/ and /etc

Do I have to reinstall a fresh Fedora 39 Workstation?

best regards,
Leonardo

You should be able to remove these fcontext entries and run the restorecon again. For the time being you should also set SELinux to Permissive mode.

Like this?
First enable SELinux, then:

$ sudo semanage fcontext -d -t rsync_data_t '/boot(/.*)?'
$ sudo semanage fcontext -d -t rsync_data_t '/etc(/.*)?'
$ sudo semanage fcontext -d -t rsync_data_t '/home/myuser(/.*)?'
$ sudo restorecon -Rv '/boot'
$ sudo restorecon -Rv '/etc'
$ sudo restorecon -Rv '/home/myuser'

Does this make sense?
Doing my first command ...fcontext -a... have I overwritten some setting and lost it?

best regards,
Leonardo

You can list your local modifications using semanage fcontext -l -C and
you can drop all your local modifications using semanage fcontext -D.

Also semanage works fine even with disabled SELinux:

# sestatus 
SELinux status:                 disabled

# semanage fcontext -l -C
SELinux fcontext                                   type               Context

/boot(/.*)?                                        all files          system_u:object_r:rsync_data_t:s0 

If I wanted to fix labeling on my system to default I’d use SELinux
autorelabel:

  1. switch to SELINUX=permissive in /etc/selinux/config
  2. semanage fcontext -D
  3. fixfiles -F onboot
  4. reboot
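
Because semanage fcontext -D drops every local rule, it can help to first see which local customizations are whole-tree relabels like the ones in this thread. The script below is an added example, not part of the original posts: it parses semanage fcontext -l -C output in the format shown above, and the SYSTEM_TREES list, the BROAD/REVIEW/NARROW verdicts, the function names and the sample rows are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify local SELinux fcontext rules before deleting any.
# Top-level trees labelled by the distribution policy (assumed list).
SYSTEM_TREES='boot|etc|usr|var|bin|sbin|lib|lib64|root|home'

# Reads `semanage fcontext -l -C` output on stdin.
# Prints: verdict <TAB> SELinux type <TAB> path spec
classify_fcontext() {
    awk -v trees="$SYSTEM_TREES" '
    # Rule rows start with a path spec and end with user:role:type:level;
    # the header, blank lines and equivalence rows do not match.
    $1 ~ /^\// && $NF ~ /^[^:]+:[^:]+:[^:]+:/ {
        split($NF, ctx, ":")
        base = $1
        recursive = sub(/\(\/\.\*\)\?$/, "", base)  # strip trailing (/.*)?
        depth = gsub(/\//, "/", base)               # number of path components
        top = base; sub(/^\//, "", top); sub(/\/.*/, "", top)
        in_system = (top ~ ("^(" trees ")$"))
        if (recursive && in_system && depth == 1) verdict = "BROAD"
        else if (recursive && in_system)          verdict = "REVIEW"
        else                                      verdict = "NARROW"
        printf "%s\t%s\t%s\n", verdict, ctx[3], $1
    }'
}

# Constructed sample in the format shown in the thread.
sample_output() {
    cat <<'EOF'
SELinux fcontext                                   type               Context

/boot(/.*)?                                        all files          system_u:object_r:rsync_data_t:s0 
/etc(/.*)?                                         all files          system_u:object_r:rsync_data_t:s0 
/home/myuser(/.*)?                                 all files          system_u:object_r:rsync_data_t:s0 
/srv/backup(/.*)?                                  all files          system_u:object_r:rsync_data_t:s0 
EOF
}

sample_output | classify_fcontext
```

On a real system, run semanage fcontext -l -C | classify_fcontext as root; BROAD rows are the rules that relabel an entire system tree.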

I’m very happy now.
I thought I had destroyed the system, but now all is reverted.
Thank you all,
Leonardo