I noticed that the contexts for the logrotated cron log files are 'restored' by fixfiles/restorecon from system_u:object_r:crond_log_t to system_u:object_r:var_log_t . Would it make sense to change crond.fc from: /var/log/cron -- system_u:object_r:crond_log_t to something like: /var/log/cron.* -- system_u:object_r:crond_log_t tom