Description of problem:

• When restoring a system with selinux enabled, but where the backup does not restore the label, the system is not bootable because autorelabel will happen to late, systemd already fails with:
  —
  Failed to create timezone change event source: Permission denied
  —

because in RHEL 8.4, systemd is not able to read unlabelled files anymore.

• This case can happen with different backup tools:
• rsync with remote filesystem not able to manage extended attributes
• TSM as customer, because labels for link are no saved, thus /etc/localtime will be unlabelled an systemd will fail.

Version-Release number of selected component (if applicable):

• rear-2.4-18.el8.x86_64
• systemd-239-45.el8_4.1.x86_64
• selinux-policy-targeted-3.14.3-67.el8.noarch
• policycoreutils-2.9-14.el8.x86_64

How reproducible:

• always

Steps to Reproduce:
1. run rear backup on a target that does not support extended attributs
2. recover the system
3. on reboot, the system fails

Actual results:

• recover is complete, but system does not boot and autorelabel can't be applied

Expected results:

• recover completes, and system directly bootable

Additional info:

• I wrote a KCS to workaround the issue with a first boot with enforcing=0 on kernel command line
• I will also open a BZ against selinux because autorelabel is starting to late, systemd failed already.