emo/openrc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

tmpfiles: set the proper SELinux context

Browse Source 
Restore the label on the created file / dir based on the policy
fcontexts.

X-Gentoo-Bug: 516956
X-Gentoo-Bug-URL: https://bugs.gentoo.org/show_bug.cgi?id=516956
This commit is contained in:
Jason Zaman 2014-07-15 22:27:32 +04:00 committed by William Hubbs
parent 4a1afa694c
commit 4f784bd469
1 changed files with 16 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
sh/tmpfiles.sh.in
View File

@ -52,12 +52,20 @@ relabel() {
done done
} }
_restorecon() {
local path=$1
if [ -x /sbin/restorecon ]; then
dryrun_or_real restorecon -F "$path"
fi
}
_b() { _b() {
# Create a block device node if it doesn't exist yet # Create a block device node if it doesn't exist yet
local path=$1 mode=$2 uid=$3 gid=$4 age=$5 arg=$6 local path=$1 mode=$2 uid=$3 gid=$4 age=$5 arg=$6
if [ ! -e "$path" ]; then if [ ! -e "$path" ]; then
dryrun_or_real mknod -m $mode $path b ${arg%:*} ${arg#*:} dryrun_or_real mknod -m $mode $path b ${arg%:*} ${arg#*:}
dryrun_or_real chown $uid:$gid $path dryrun_or_real chown $uid:$gid $path
_restorecon "$path"
fi fi
} }
@ -67,6 +75,7 @@ _c() {
if [ ! -e "$path" ]; then if [ ! -e "$path" ]; then
dryrun_or_real mknod -m $mode $path c ${arg%:*} ${arg#*:} dryrun_or_real mknod -m $mode $path c ${arg%:*} ${arg#*:}
dryrun_or_real chown $uid:$gid $path dryrun_or_real chown $uid:$gid $path
_restorecon "$path"
fi fi
} }
@ -80,6 +89,7 @@ _f() {
if [ ! -e "$path" ]; then if [ ! -e "$path" ]; then
dryrun_or_real install -m"$mode" -o"$uid" -g"$gid" /dev/null "$path" dryrun_or_real install -m"$mode" -o"$uid" -g"$gid" /dev/null "$path"
[ -z "$arg" ] || _w "$@" [ -z "$arg" ] || _w "$@"
_restorecon "$path"
fi fi
} }
@ -91,6 +101,7 @@ _F() {
dryrun_or_real install -m"$mode" -o"$uid" -g"$gid" /dev/null "$path" dryrun_or_real install -m"$mode" -o"$uid" -g"$gid" /dev/null "$path"
[ -z "$arg" ] || _w "$@" [ -z "$arg" ] || _w "$@"
_restorecon "$path"
} }
_d() { _d() {
@ -101,6 +112,7 @@ _d() {
if [ ! -d "$path" ]; then if [ ! -d "$path" ]; then
dryrun_or_real install -d -m"$mode" -o"$uid" -g"$gid" "$path" dryrun_or_real install -d -m"$mode" -o"$uid" -g"$gid" "$path"
_restorecon "$path"
fi fi
} }
@ -110,10 +122,12 @@ _D() {
if [ -d "$path" ] && [ $REMOVE -gt 0 ]; then if [ -d "$path" ] && [ $REMOVE -gt 0 ]; then
dryrun_or_real find "$path" -mindepth 1 -maxdepth 1 -xdev -exec rm -rf {} + dryrun_or_real find "$path" -mindepth 1 -maxdepth 1 -xdev -exec rm -rf {} +
_restorecon "$path"
fi fi
if [ $CREATE -gt 0 ]; then if [ $CREATE -gt 0 ]; then
dryrun_or_real install -d -m"$mode" -o"$uid" -g"$gid" "$path" dryrun_or_real install -d -m"$mode" -o"$uid" -g"$gid" "$path"
_restorecon "$path"
fi fi
} }
@ -121,6 +135,7 @@ _L() {
# Create a symlink if it doesn't exist yet # Create a symlink if it doesn't exist yet
local path=$1 mode=$2 uid=$3 gid=$4 age=$5 arg=$6 local path=$1 mode=$2 uid=$3 gid=$4 age=$5 arg=$6
[ ! -e "$path" ] && dryrun_or_real ln -s "$arg" "$path" [ ! -e "$path" ] && dryrun_or_real ln -s "$arg" "$path"
_restorecon "$path"
} }
_p() { _p() {
@ -132,6 +147,7 @@ _p() {
if [ ! -p "$path" ]; then if [ ! -p "$path" ]; then
dryrun_or_real mkfifo -m$mode "$path" dryrun_or_real mkfifo -m$mode "$path"
dryrun_or_real chown "$uid:$gid" "$path" dryrun_or_real chown "$uid:$gid" "$path"
_restorecon "$path"
fi fi
} }