9753a77a76
initscripts package is being slowly removed so fedora-autorelabel utility and systemd unit files need a new home. At the same time, "fedora-" prefix is changed to general "selinux-". /lib/systemd/fedora-autorelabel -> /usr/libexec/selinux/selinux-autorelabel fedora-autorelabel.service -> selinux-autorelabel.service fedora-autorelabel-mark.service -> selinux-autorelabel-mark.service Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1328825
44 lines
1.3 KiB
Bash
Executable File
44 lines
1.3 KiB
Bash
Executable File
#!/bin/bash
|
|
#
|
|
# Do automatic relabelling
|
|
#
|
|
|
|
# . /etc/init.d/functions
|
|
|
|
relabel_selinux() {
|
|
# if /sbin/init is not labeled correctly this process is running in the
|
|
# wrong context, so a reboot will be required after relabel
|
|
AUTORELABEL=
|
|
. /etc/selinux/config
|
|
echo "0" > /sys/fs/selinux/enforce
|
|
[ -x /bin/plymouth ] && plymouth --hide-splash
|
|
|
|
if [ "$AUTORELABEL" = "0" ]; then
|
|
echo
|
|
echo $"*** Warning -- SELinux ${SELINUXTYPE} policy relabel is required. "
|
|
echo $"*** /etc/selinux/config indicates you want to manually fix labeling"
|
|
echo $"*** problems. Dropping you to a shell; the system will reboot"
|
|
echo $"*** when you leave the shell."
|
|
sulogin
|
|
|
|
else
|
|
echo
|
|
echo $"*** Warning -- SELinux ${SELINUXTYPE} policy relabel is required."
|
|
echo $"*** Relabeling could take a very long time, depending on file"
|
|
echo $"*** system size and speed of hard drives."
|
|
|
|
FORCE=`cat /.autorelabel`
|
|
[ -x "/usr/sbin/quotaoff" ] && /usr/sbin/quotaoff -aug
|
|
/sbin/fixfiles $FORCE restore > /dev/null 2>&1
|
|
fi
|
|
rm -f /.autorelabel
|
|
/usr/lib/dracut/dracut-initramfs-restore
|
|
systemctl --force reboot
|
|
}
|
|
|
|
# Check to see if a full relabel is needed
|
|
if [ "$READONLY" != "yes" ]; then
|
|
restorecon $(awk '!/^#/ && $4 !~ /noauto/ && $2 ~ /^\// { print $2 }' /etc/fstab) >/dev/null 2>&1
|
|
relabel_selinux
|
|
fi
|