sig_cloud/diskimage-builder
11
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge "Relabel filesystem if SELinux is available"

Browse Source
This commit is contained in:
Jenkins 2014-08-12 16:30:34 +00:00 committed by Gerrit Code Review
commit 8c72451345
1 changed files with 5 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
elements/rpm-distro/finalise.d/11-selinux-fixfiles-restore
View File

@ -3,16 +3,14 @@
set -eux set -eux
set -o pipefail set -o pipefail
CONFIGURED_SELINUX=$(grep ^SELINUX= /etc/selinux/config | awk -F = '{print $2}') if [ -d /sys/fs/selinux -a /etc/selinux/targeted/contexts/files/file_context\
s -a -x /usr/sbin/setfiles ]; then
if [ "$CONFIGURED_SELINUX" == "enforcing" ]; then
# Without fixing selinux file labels, sshd will run in the kernel_t domain # Without fixing selinux file labels, sshd will run in the kernel_t domain
# instead of the sshd_t domain, making ssh connections fail with # instead of the sshd_t domain, making ssh connections fail with
# "Unable to get valid context for <user>" error message # "Unable to get valid context for <user>" error message
setfiles /etc/selinux/targeted/contexts/files/file_contexts / setfiles /etc/selinux/targeted/contexts/files/file_contexts /
else else
echo "Skipping SELinux relabel, since it is not Enforcing." echo "Skipping SELinux relabel, since setfiles is not available."
echo "To relabel once the image is running, use:" echo "Touching /.autorelabel to schedule a relabel when the image boots."
echo "setfiles /etc/selinux/targeted/contexts/files/file_contexts /" touch /.autorelabel
echo "fixfiles restore"
fi fi