4e68a7965b
Running fixfiles after setfiles is redundant. setfiles already corrected the SELinux file security contexts. Change-Id: I48067f06968c5add48fa91a1496b9bf36944546c Closes-Bug: #1316241
19 lines
673 B
Bash
Executable File
19 lines
673 B
Bash
Executable File
#!/bin/bash
|
|
|
|
set -eux
|
|
set -o pipefail
|
|
|
|
CONFIGURED_SELINUX=$(grep ^SELINUX= /etc/selinux/config | awk -F = '{print $2}')
|
|
|
|
if [ "$CONFIGURED_SELINUX" == "enforcing" ]; then
|
|
# Without fixing selinux file labels, sshd will run in the kernel_t domain
|
|
# instead of the sshd_t domain, making ssh connections fail with
|
|
# "Unable to get valid context for <user>" error message
|
|
setfiles /etc/selinux/targeted/contexts/files/file_contexts /
|
|
else
|
|
echo "Skipping SELinux relabel, since it is not Enforcing."
|
|
echo "To relabel once the image is running, use:"
|
|
echo "setfiles /etc/selinux/targeted/contexts/files/file_contexts /"
|
|
echo "fixfiles restore"
|
|
fi
|