4af347c8e5
This can be useful when user has this UEFI boot order e.g.:
Windows | grub | Linux
And decides to boot into grub/Linux. In case the autorelabel service
is being run after the boot into grub, then the reboot after the
autorelabel is done will cause user to boot into Windows again...
This change should make the behaviour more intuitive for the user.
Signed-off-by: David Kaspar [Dee'Kej] <dkaspar@redhat.com>
70 lines
2.3 KiB
Bash
Executable File
70 lines
2.3 KiB
Bash
Executable File
#!/bin/bash
|
|
#
|
|
# Do automatic relabelling
|
|
#
|
|
|
|
# . /etc/init.d/functions
|
|
|
|
# If the user has this (or similar) UEFI boot order:
|
|
#
|
|
# Windows | grub | Linux
|
|
#
|
|
# And decides to boot into grub/Linux, then the reboot at the end of autorelabel
|
|
# would cause the system to boot into Windows again, if the autorelabel was run.
|
|
#
|
|
# This function restores the UEFI boot order, so the user will boot into the
|
|
# previously set (and expected) partition.
|
|
efi_set_boot_next() {
|
|
# NOTE: The [ -x /usr/sbin/efibootmgr ] test is not sufficent -- it could
|
|
# succeed even on system which is not EFI-enabled...
|
|
if ! efibootmgr > /dev/null 2>&1; then
|
|
return
|
|
fi
|
|
|
|
# NOTE: It it possible that some other services might be setting the
|
|
# 'BootNext' item for any reasons, and we shouldn't override it if so.
|
|
if ! efibootmgr | grep --quiet -e 'BootNext'; then
|
|
CURRENT_BOOT="$(efibootmgr | grep -e 'BootCurrent' | sed -re 's/(^.+:[[:space:]]*)([[:xdigit:]]+)/\2/')"
|
|
efibootmgr -n "${CURRENT_BOOT}" > /dev/null 2>&1
|
|
fi
|
|
}
|
|
|
|
relabel_selinux() {
|
|
# if /sbin/init is not labeled correctly this process is running in the
|
|
# wrong context, so a reboot will be required after relabel
|
|
AUTORELABEL=
|
|
. /etc/selinux/config
|
|
echo "0" > /sys/fs/selinux/enforce
|
|
[ -x /bin/plymouth ] && plymouth --hide-splash
|
|
|
|
if [ "$AUTORELABEL" = "0" ]; then
|
|
echo
|
|
echo $"*** Warning -- SELinux ${SELINUXTYPE} policy relabel is required. "
|
|
echo $"*** /etc/selinux/config indicates you want to manually fix labeling"
|
|
echo $"*** problems. Dropping you to a shell; the system will reboot"
|
|
echo $"*** when you leave the shell."
|
|
sulogin
|
|
|
|
else
|
|
echo
|
|
echo $"*** Warning -- SELinux ${SELINUXTYPE} policy relabel is required."
|
|
echo $"*** Relabeling could take a very long time, depending on file"
|
|
echo $"*** system size and speed of hard drives."
|
|
|
|
FORCE=`cat /.autorelabel`
|
|
[ -x "/usr/sbin/quotaoff" ] && /usr/sbin/quotaoff -aug
|
|
/sbin/fixfiles $FORCE restore
|
|
fi
|
|
|
|
rm -f /.autorelabel
|
|
/usr/lib/dracut/dracut-initramfs-restore
|
|
efi_set_boot_next
|
|
systemctl --force reboot
|
|
}
|
|
|
|
# Check to see if a full relabel is needed
|
|
if [ "$READONLY" != "yes" ]; then
|
|
restorecon $(awk '!/^#/ && $4 !~ /noauto/ && $2 ~ /^\// { print $2 }' /etc/fstab) >/dev/null 2>&1
|
|
relabel_selinux
|
|
fi
|