From 5e1af345216149bcd68c4b33ae569c4fd88f2991 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Zbigniew=20J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
Date: Thu, 11 Jul 2024 13:31:53 +0200
Subject: [PATCH] Relabel files under /usr/bin to fix stale context after sbin
 merge

Related: RHEL-54303
---
 selinux-policy.spec | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/selinux-policy.spec b/selinux-policy.spec
index f0ff5917..65b41e37 100644
--- a/selinux-policy.spec
+++ b/selinux-policy.spec
@@ -286,6 +286,10 @@ if %{_sbindir}/selinuxenabled && [ "${SELINUXTYPE}" = %1 -a -f ${FILE_CONTEXT}.p
 fi; \
 # rebuilding the rpm database still can sometimes result in an incorrect context \
 %{_sbindir}/restorecon -R /usr/lib/sysimage/rpm \
+# In some scenarios, /usr/bin/httpd is labelled incorrectly after sbin merge. \
+# Relabel all files under /usr/bin, in case they got installed before policy \
+# was updated and the labels were incorrect. \
+%{_sbindir}/restorecon -R /usr/bin \
 if %{_sbindir}/restorecon -e /run/media -R /root /var/log /var/run /etc/passwd* /etc/group* /etc/*shadow* 2> /dev/null;then \
     continue; \
 fi;