author | Jason Zaman <jason@perfinion.com> | 2015-07-11 00:45:11 +0400 |
---|---|---|
committer | Doug Freed <dwfreed@mtu.edu> | 2015-08-03 12:51:16 -0700 |
commit | 6a422982579786cb8308af04ccca6622afa06e50 (patch) | |
tree | c9f05bfc9aa08280e345de7f83506f67ff2a5710 | |
parent | f69833a1e17d1cf65e96a34fcc0e48caf9d90d64 (diff) |
tmpfiles: run restorecon on the entire path
The tmpfiles "d" entry will create a full path and only the last dir in
the path will have its SELinux label set correctly. This patch will
restorecon the parents as well so that the selinux labels are correct.
E.g., for "d /run/libvirt/lxc", "lxc" would have the correct SELinux
label but "libvirt" would not.
Signed-off-by: Jason Zaman <jason@perfinion.com>
-rw-r--r-- | sh/tmpfiles.sh.in | 12 |
1 files changed, 11 insertions, 1 deletions
diff --git a/sh/tmpfiles.sh.in b/sh/tmpfiles.sh.in
index 89bd03e8..43442d79 100644
--- a/sh/tmpfiles.sh.in
+++ b/sh/tmpfiles.sh.in
@@ -53,10 +53,18 @@ relabel() {
 done
 }
 
+splitpath() {
+ local path=$1
+ while [ -n "$path" ]; do
+ echo $path
+ path=${path%/*}
+ done
+}
+
 _restorecon() {
 local path=$1
 if [ -x /sbin/restorecon ]; then
- dryrun_or_real restorecon -F "$path"
+ dryrun_or_real restorecon -F $(splitpath "$path")
 fi
 }
 
@@ -122,6 +130,7 @@ _d() {
 
 if [ ! -d "$path" ]; then
 dryrun_or_real mkdir -p "$path" 2>/dev/null
+ _restorecon "$path"
 dryrun_or_real $CHECKPATH -dq -m "$mode" -o "$uid:$gid" "$path"
 fi
 }
@@ -137,6 +146,7 @@ _D() {
 
 if [ $CREATE -gt 0 ]; then
 dryrun_or_real mkdir -p "$path" 2>/dev/null
+ _restorecon "$path"
 dryrun_or_real $CHECKPATH -Dq -m "$mode" -o "$uid:$gid" "$path"
 fi
 }
|
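Review bot: `splitpath` never terminates for a path that contains no "/" (a relative or malformed tmpfiles.d entry), because `${path%/*}` leaves such a value unchanged and the `[ -n "$path" ]` test stays true; inside `$(...)` that hangs the script while the captured output keeps growing. The unquoted `echo $path` and the unquoted `$(splitpath "$path")` in `_restorecon` are also word-split and glob-expanded, so a directory name containing whitespace or `*` makes `restorecon -F` act on paths the entry never named. The version below stops once no "/" is left and hands each component to restorecon as one quoted argument. It assumes `dryrun_or_real` is a shell function that works inside the pipeline subshell, which this hunk does not show.

```shell
splitpath() {
	local path=$1
	while [ -n "$path" ]; do
		printf '%s\n' "$path"
		# without a "/" left, ${path%/*} is a no-op, so stop here
		case $path in
			*/*) path=${path%/*} ;;
			*) break ;;
		esac
	done
}

_restorecon() {
	# … unchanged: local path=$1 and the /sbin/restorecon check …
		splitpath "$path" | while IFS= read -r p; do
			dryrun_or_real restorecon -F "$p"
		done
```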
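Review bot: The added `_restorecon "$path"` in `_d()` force-relabels every ancestor up to the top-level directory, not just the directories `mkdir -p` created, because `splitpath` walks the whole path. With `restorecon -F`, a context that was deliberately changed on an existing parent is reset to the policy default each time the leaf is missing. The call also runs whether or not the preceding `mkdir -p` succeeded, since its errors go to /dev/null and its status is not checked. Consider recording the first missing ancestor before `mkdir -p` and relabelling only from there down, or at least guarding with `[ -d "$path" ] && _restorecon "$path"`. The same applies to the identical line in the `_D()` hunk, and both function bodies start outside their hunks.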