chcon can not apply partial context to unlabeld file excerpt: fix broken selinux label

The broken selinux label and way to fix

Yesterday I work on a task of compress a qcow2 vm image. As usual I made a temp directory in the directory of the image, and fired the qemu-img convert and then virt-sparsify command to do the compression.

Soon, after some seconds, an unusual error occurred. My task received a mysterious signal 9 and exited.

As I am the only user of the machine at the time. A blind guess and some ls -lhz commands lead me to the broken selinux label problem.

It turns out that directory up to the second level of the directory are all unlabeled.

My first attempt with chcon -R -t virt_image_t <workdir> failed with some error messages looks like bellow:

chcon: can't apply partial context to unlabeled file 'VERSION.png'
chcon: can't apply partial context to unlabeled file '1.1_V12'
chcon: can't apply partial context to unlabeled file 'pre-release'
chcon: can't apply partial context to unlabeled file 'hotfix_20200106_rollback'
chcon: can't apply partial context to unlabeled file 'statusmachine.properties'

solution from stackoverflow

To initialize selinux label on unlabeled files:

1. run chcon -R -h <initial_selinux_label> <workdir>
2. optionally run chcon -R -t <single_selinux_label> <workdir> if desired, label not in <initial_selinuxlabel>

chcon -R -h system_u:object_r:home_root_t:s0 images/
chcon -R -t virt_image_t images/