selinux-autorelabel: set UEFI boot order (BootNext) same as BootCurrent

This can be useful when user has this UEFI boot order e.g.:

                 Windows | grub | Linux

  And decides to boot into grub/Linux. In case the autorelabel service
  is being run after the boot into grub, then the reboot after the
  autorelabel is done will cause user to boot into Windows again...

  This change should make the behaviour more intuitive for the user.

Signed-off-by: David Kaspar [Dee'Kej] <dkaspar@redhat.com>

selinux-autorelabel

@@ -5,6 +5,30 @@
 
 # . /etc/init.d/functions
 
+# If the user has this (or similar) UEFI boot order:
+#
+#             Windows | grub | Linux
+#
+# And decides to boot into grub/Linux, then the reboot at the end of autorelabel
+# would cause the system to boot into Windows again, if the autorelabel was run.
+#
+# This function restores the UEFI boot order, so the user will boot into the
+# previously set (and expected) partition.
+efi_set_boot_next() {
+    # NOTE: The [ -x /usr/sbin/efibootmgr ] test is not sufficent -- it could
+    #       succeed even on system which is not EFI-enabled...
+    if ! efibootmgr > /dev/null 2>&1; then
+        return
+    fi
+
+    # NOTE: It it possible that some other services might be setting the
+    #       'BootNext' item for any reasons, and we shouldn't override it if so.
+    if ! efibootmgr | grep --quiet -e 'BootNext'; then
+        CURRENT_BOOT="$(efibootmgr | grep -e 'BootCurrent' | sed -re 's/(^.+:[[:space:]]*)([[:xdigit:]]+)/\2/')"
+        efibootmgr -n "${CURRENT_BOOT}" > /dev/null 2>&1
+    fi
+}
+
 relabel_selinux() {
     # if /sbin/init is not labeled correctly this process is running in the
     # wrong context, so a reboot will be required after relabel
@@ -31,8 +55,10 @@ relabel_selinux() {
         [ -x "/usr/sbin/quotaoff" ] && /usr/sbin/quotaoff -aug
 	/sbin/fixfiles $FORCE restore
     fi
+
     rm -f  /.autorelabel
     /usr/lib/dracut/dracut-initramfs-restore
+    efi_set_boot_next
     systemctl --force reboot
 }