emo/openrc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

tmpfiles: run restorecon on the entire path

Browse Source 
The tmpfiles "d" entry will create a full path and only the last dir in
the path will have its SELinux label set correctly. This patch will
restorecon the parents as well so that the selinux labels are correct.

eg, "d /run/libvirt/lxc", then "lxc" would have the correct SELinux
label but "libvirt" would not.

Signed-off-by: Jason Zaman <jason@perfinion.com>
This commit is contained in:
Jason Zaman 2015-07-11 00:45:11 +04:00 committed by Doug Freed
parent f69833a1e1
commit 6a42298257
1 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
sh/tmpfiles.sh.in
View File

@ -53,10 +53,18 @@ relabel() {
done
}
splitpath() {
local path=$1
while [ -n "$path" ]; do
echo $path
path=${path%/*}
done
}
_restorecon() {
local path=$1
if [ -x /sbin/restorecon ]; then
dryrun_or_real restorecon -F "$path"
dryrun_or_real restorecon -F $(splitpath "$path")
fi
}
@ -122,6 +130,7 @@ _d() {
if [ ! -d "$path" ]; then
dryrun_or_real mkdir -p "$path" 2>/dev/null
_restorecon "$path"
dryrun_or_real $CHECKPATH -dq -m "$mode" -o "$uid:$gid" "$path"
fi
}
@ -137,6 +146,7 @@ _D() {
if [ $CREATE -gt 0 ]; then
dryrun_or_real mkdir -p "$path" 2>/dev/null
_restorecon "$path"
dryrun_or_real $CHECKPATH -Dq -m "$mode" -o "$uid:$gid" "$path"
fi
}