The "-Z" (set SELinux context) option to mkdir appears to have no effect when "-p" (no error if existing, create parents) is also specified.

For example, on my CentOS 7 system, the correct context for subdirectories of "/home" is "user_home_dir_t", but when I create such a directory with "mkdir -p -Z", it has the "home_root_t" context:

    # rm -rf /home/with-p
    # mkdir -p -Z /home/with-p
    # ls -Zd /home/with-p
    drwxr-xr-x. root root unconfined_u:object_r:home_root_t:s0 /home/with-p
    #

That's wrong. Running restorecon(1) fixes it:

    # restorecon -v /home/with-p
    restorecon reset /home/with-p context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:user_home_dir_t:s0
    #

Without the "-p" option, "-Z" works as expected:

    # mkdir -Z /home/without-p
    # ls -Zd /home/without-p
    drwxr-xr-x. root root unconfined_u:object_r:user_home_dir_t:s0 /home/without-p
    # restorecon -v /home/without-p
    #

The coreutils version in CentOS 7 is 8.22.

coreutils-8.23 compiled from source has the same behaviour.
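
An added example, not part of the original report: a small shell filter for finding directories left with the wrong type by "mkdir -p -Z", by parsing restorecon dry-run output. It assumes the "restorecon reset PATH context OLD->NEW" line format shown above; the function names and the sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example: report paths whose SELinux type differs from what policy
# expects, based on `restorecon -n -v` lines in the format quoted in the report.
# Assumption: the "restorecon reset PATH context OLD->NEW" format; other
# policycoreutils versions may word the line differently.

# selinux_type CONTEXT: print the type, the third colon-separated field.
selinux_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Read restorecon -v lines on stdin and print "PATH CURRENT_TYPE EXPECTED_TYPE"
# for every path whose type would change. Other lines are ignored.
mislabelled_from_restorecon() {
    while IFS= read -r line; do
        case $line in
            "restorecon reset "*" context "*"->"*) ;;
            *) continue ;;
        esac
        rest=${line#restorecon reset }
        path=${rest% context *}      # text before the last " context "
        ctxs=${rest##* context }     # "OLD->NEW"
        old_t=$(selinux_type "${ctxs%%->*}")
        new_t=$(selinux_type "${ctxs#*->}")
        if [ "$old_t" != "$new_t" ]; then
            printf '%s %s %s\n' "$path" "$old_t" "$new_t"
        fi
    done
    return 0
}

# Constructed sample input, copied from the restorecon line in the report.
SAMPLE='restorecon reset /home/with-p context unconfined_u:object_r:home_root_t:s0->unconfined_u:object_r:user_home_dir_t:s0'
printf '%s\n' "$SAMPLE" | mislabelled_from_restorecon

# On a live SELinux system (dry run, changes nothing):
#   restorecon -n -v -R /home | mislabelled_from_restorecon
```
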
