Hi,

I'm trying to migrate a machine to SELinux. I was able to run all the steps 
related to the kernel, packages and filesystem. The system boots fine in 
permissive mode but I'm getting a lot of AVC denials related to /run. The 
obvious suspect would be the lack of proper labelling so I checked the fstab and 
verified that the /run filesystem is present with the correct rootcontext 
option. To my surprise however the /run filesystem is still mounted without the 
rootcontext option.

I've spent some time tracking this down and eventually found out that the issue 
is related to the Dracut initramfs. The init script mounts /run from there. 
Obviously the mount options are hard-coded and rootcontext is not among 
them.

So I tried to edit the Dracut's init script 
(/usr/lib64/dracut/modules.d/99base/init.sh) to append the rootcontext option 
to the mount /run line, but surprisingly it was completely ignored.

Did anybody hit a similar problem?

Regards
Chris
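
A diagnostic for the symptom described in the message above, as an added example that is not part of the original post: it compares the rootcontext= option that fstab requests for /run with what the live mount table reports. The sample tables and the var_run_t label are constructed, and the parser assumes contexts without commas (no MLS category lists).

```shell
#!/bin/sh
# Print the rootcontext= value recorded for a mount point in an fstab- or
# /proc/mounts-style table (field 2 = mount point, field 4 = options).
# The last matching entry wins, i.e. the topmost mount on that path.
rootcontext_of() {  # $1 = table file, $2 = mount point
    awk -v mp="$2" '
        $1 !~ /^#/ && $2 == mp {
            val = ""
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++)
                if (opt[i] ~ /^rootcontext=/) {
                    v = substr(opt[i], 13)   # text after "rootcontext="
                    gsub(/"/, "", v)         # drop optional quoting
                    val = v
                }
            found = 1
        }
        END { if (found) print val }' "$1"
}

# Report whether the live mount carries the label that fstab asks for.
check_label() {  # $1 = fstab, $2 = live mount table, $3 = mount point
    want=$(rootcontext_of "$1" "$3")
    have=$(rootcontext_of "$2" "$3")
    if [ -z "$want" ]; then
        echo "no-rootcontext-in-fstab"
    elif [ "$want" = "$have" ]; then
        echo "match"
    else
        echo "mismatch fstab=$want live=${have:-none}"
    fi
}

# Constructed sample tables (not taken from the post).
demo_dir=$(mktemp -d)
printf '%s\n' '# constructed fstab' \
    'tmpfs /run tmpfs mode=0755,nosuid,nodev,rootcontext=system_u:object_r:var_run_t:s0 0 0' \
    > "$demo_dir/fstab"
# /run as mounted early in boot, without the option.
printf '%s\n' 'tmpfs /run tmpfs rw,seclabel,nosuid,nodev,mode=755 0 0' \
    > "$demo_dir/mounts.early"
# /run as it would appear once mounted with the option.
printf '%s\n' 'tmpfs /run tmpfs rw,seclabel,nosuid,nodev,mode=755,rootcontext=system_u:object_r:var_run_t:s0 0 0' \
    > "$demo_dir/mounts.labelled"

check_label "$demo_dir/fstab" "$demo_dir/mounts.early" /run
check_label "$demo_dir/fstab" "$demo_dir/mounts.labelled" /run
# On a running system: check_label /etc/fstab /proc/self/mounts /run
```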

