fe559242cb
We are using which to find the location of setfiles. Our script is set -e though, and we need to also be able to handle the case where setfiles does not exist (like on centos-minimal). Change-Id: If53c7a80efc081b95b143c28be64d39b12bfb469
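#!/bin/bash
#
# Fix SELinux file labels using the targeted policy's file_contexts.
# If the relabel cannot be done here, /.autorelabel is created so that a
# relabel is scheduled for when the image boots.
#
# Environment:
#   DIB_DEBUG_TRACE - command tracing (set -x) is enabled when this is
#                     greater than 0; it defaults to 1.

# Quoted so that an odd value cannot word-split. `[` is kept on purpose:
# it compares plain integers and does not arithmetic-evaluate the value.
if [ "${DIB_DEBUG_TRACE:-1}" -gt 0 ]; then
    set -x
fi
set -eu
set -o pipefail

readonly FILE_CONTEXTS=/etc/selinux/targeted/contexts/files/file_contexts

# `command -v` is a shell builtin, so the lookup does not depend on `which`
# being installed. `|| true` keeps `set -e` from aborting the script when
# setfiles is absent (e.g. on centos-minimal); SETFILES is then empty and
# the -x test below fails.
SETFILES=$(command -v setfiles || true)

if [[ -e "${FILE_CONTEXTS}" && -x "${SETFILES}" ]]; then
    # Without fixing selinux file labels, sshd will run in the kernel_t domain
    # instead of the sshd_t domain, making ssh connections fail with
    # "Unable to get valid context for <user>" error message
    #
    # Run the binary that was just checked for executability rather than
    # resolving the name through PATH a second time. Under `set -e` a
    # failed relabel aborts the script instead of passing silently.
    "${SETFILES}" "${FILE_CONTEXTS}" /
else
    # This branch is also taken when the file_contexts file is missing,
    # not only when setfiles is unavailable.
    echo "Skipping SELinux relabel, since setfiles is not available."
    echo "Touching /.autorelabel to schedule a relabel when the image boots."
    touch /.autorelabel
fi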