Hi,

When the converted machine starts for the first time SELinux relabels the filesystems if it was in use in the source machine. Relabeling may overwrite some labels especially if admins have used chcon for impermanent labeling.

Before starting the conversion it is possible to record which labels will be overwritten by doing a restorecon dry-run e.g. as follows:

     # find / -maxdepth 1 -type d | egrep -v '^/(dev|proc|sys|tmp|run|boot|)$' | restorecon -R -n -v -f- | gzip > fs.chcon.gz

It is now possible to refer to file fs.chcon.gz in the converted machine when instructing the admins to re-apply their past chcon changes or better yet, to re-implement them permanently with semanage.

Regards,

-Tom