rpms/policycoreutils
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
1083f0e66f
policycoreutils/selinux-autorelabel
Alan Jenkins db14db8479 selinux-autorelabel: remove incorrect redirection to /dev/null 
This code is currently incorrect.  Currently redirecting `fixfiles` to
/dev/null will have very little effect.  Two messages will be suppressed,
but both the percentage progress indicator, and any errors from
the setfiles/restorecon binary will still be shown.

The fact that fixfiles redirected its log output to stdin (!) was purely
an implementation artefact.  It was used to write log messages even inside
shell functions whose output is captured e.g. `RESULT=$(shell_func)`.

When fixfiles is fixed to support output redirection normally, this code
would now behave incorrectly.  It would suppress all percentage progress
messages for this long-running process.

Signed-off-by: Alan Jenkins <alan.christopher.jenkins@gmail.com>
2017-04-06 13:46:25 +02:00

44 lines
1.3 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
#
# Do automatic relabelling
#
# . /etc/init.d/functions
relabel_selinux() {
# if /sbin/init is not labeled correctly this process is running in the
# wrong context, so a reboot will be required after relabel
AUTORELABEL=
. /etc/selinux/config
echo "0" > /sys/fs/selinux/enforce
[ -x /bin/plymouth ] && plymouth --hide-splash
if [ "$AUTORELABEL" = "0" ]; then
echo
echo $"*** Warning -- SELinux ${SELINUXTYPE} policy relabel is required. "
echo $"*** /etc/selinux/config indicates you want to manually fix labeling"
echo $"*** problems. Dropping you to a shell; the system will reboot"
echo $"*** when you leave the shell."
sulogin
else
echo
echo $"*** Warning -- SELinux ${SELINUXTYPE} policy relabel is required."
echo $"*** Relabeling could take a very long time, depending on file"
echo $"*** system size and speed of hard drives."
FORCE=`cat /.autorelabel`
[ -x "/usr/sbin/quotaoff" ] && /usr/sbin/quotaoff -aug
/sbin/fixfiles $FORCE restore
fi
rm -f /.autorelabel
/usr/lib/dracut/dracut-initramfs-restore
systemctl --force reboot
}
# Check to see if a full relabel is needed
if [ "$READONLY" != "yes" ]; then
restorecon $(awk '!/^#/ && $4 !~ /noauto/ && $2 ~ /^\// { print $2 }' /etc/fstab) >/dev/null 2>&1
relabel_selinux
fi
Reference in New Issue View Git Blame Copy Permalink