The same problem as described in BZ#2230508 is reproducible on RHEL-9.

Description of problem: authselect backup files with etc_t but dir expects var_lib_t

–

Running restorecon -Rvn shows that files under /var/lib/authselect/backups are created (copied?) with etc_t fcontext, but that the directory var/lib/authselect/backups is expecting (because of inheritance from /var/lib) that it has var_lib_t

–

// Internal data, Hence making it private

sudo ls -lZ /var/lib/authselect/backups
total 0
drwx------. 2 root root system_u:object_r:var_lib_t:s0 130 Jul 19 2021 2021-07-19-15-54-05.oGrgdj
drwx------. 2 root root system_u:object_r:var_lib_t:s0 165 Jul 27 2021 2021-07-27-12-17-22.Ze7lvq
drwx------. 2 root root system_u:object_r:var_lib_t:s0 165 Feb 21 2022 2022-02-21-16-20-47.IYqRN9
drwxr-xr-x. 2 root root system_u:object_r:var_lib_t:s0 188 Jul 27 2021 pre_ipaclient_20210727121805

Actual results:

sudo ls -lZ /var/lib/authselect/backups/2022-02-21-16-20-47.IYqRN9
total 32
rw-rr-. 1 root root system_u:object_r:etc_t:s0 231 Feb 21 2022 dconf-db
rw-rr-. 1 root root system_u:object_r:etc_t:s0 260 Feb 21 2022 dconf-locks
rw-rr-. 1 root root system_u:object_r:etc_t:s0 624 Feb 21 2022 fingerprint-auth
rw-rr-. 1 root root system_u:object_r:etc_t:s0 809 Feb 21 2022 nsswitch.conf
rw-rr-. 1 root root system_u:object_r:etc_t:s0 544 Feb 21 2022 password-auth
rw-rr-. 1 root root system_u:object_r:etc_t:s0 555 Feb 21 2022 postlogin
rw-rr-. 1 root root system_u:object_r:etc_t:s0 684 Feb 21 2022 smartcard-auth
rw-rr-. 1 root root system_u:object_r:etc_t:s0 1959 Feb 21 2022 system-auth

sudo restorecon -Rvn /var/lib/authselect/backups
Would relabel /var/lib/authselect/backups/2022-02-21-16-20-47.IYqRN9/system-auth from system_u:object_r:etc_t:s0 to system_u:object_r:var_lib_t:s0
Would relabel /var/lib/authselect/backups/2022-02-21-16-20-47.IYqRN9/password-auth from system_u:object_r:etc_t:s0 to system_u:object_r:var_lib_t:s0
Would relabel /var/lib/authselect/backups/2022-02-21-16-20-47.IYqRN9/fingerprint-auth from system_u:object_r:etc_t:s0 to system_u:object_r:var_lib_t:s0
Would relabel /var/lib/authselect/backups/2022-02-21-16-20-47.IYqRN9/smartcard-auth from system_u:object_r:etc_t:s0 to system_u:object_r:var_lib_t:s0
Would relabel /var/lib/authselect/backups/2022-02-21-16-20-47.IYqRN9/postlogin from system_u:object_r:etc_t:s0 to system_u:object_r:var_lib_t:s0
Would relabel /var/lib/authselect/backups/2022-02-21-16-20-47.IYqRN9/nsswitch.conf from system_u:object_r:etc_t:s0 to system_u:object_r:var_lib_t:s0
Would relabel /var/lib/authselect/backups/2022-02-21-16-20-47.IYqRN9/dconf-db from system_u:object_r:etc_t:s0 to system_u:object_r:var_lib_t:s0
Would relabel /var/lib/authselect/backups/2022-02-21-16-20-47.IYqRN9/dconf-locks from system_u:object_r:etc_t:s0 to system_u:object_r:var_lib_t:s0

—

Expected results:

Either the /var/lib/authselect/backups fcontext is expecting to have etc_t files in it or the authselect backup process creates the files with the var_lib_t fcontext

Additional info:

Case ID = 03580255