possible improvement - plugin restorecon suggests no-op command (99.5 confidence)

[bachradsusi]

I used semanage fcontext + restorecon, and then (still) suffered an AVC denial executing the file.

This is not my complaint, I clearly don't understand selinux enough to implement any workaround more subtle than disabling selinux,

The problem detected is that setroubleshootd suggests the most likely fix is to run restorecon -v on the file. That was part of how I caused the problem, and of course re-running it does nothing to help.

The plugin actually knows what label "should" be re-applied. So it could easily see that something more is wrong. (Just run the equivalent of restorecon -nv).

For more information see https://bugzilla.redhat.com/show_bug.cgi?id=1427142