commit: 6a422982579786cb8308af04ccca6622afa06e50
Author: Jason Zaman <jason <AT> perfinion <DOT> com>
AuthorDate: Fri Jul 10 20:45:11 2015 +0000
Commit: William Hubbs <williamh <AT> gentoo <DOT> org>
CommitDate: Mon Aug 3 19:51:16 2015 +0000
URL: https://gitweb.gentoo.org/proj/openrc.git/commit/?id=6a422982
tmpfiles: run restorecon on the entire path
The tmpfiles "d" entry will create a full path and only the last dir in
the path will have its SELinux label set correctly. This patch will
restorecon the parents as well so that the selinux labels are correct.
eg, "d /run/libvirt/lxc", then "lxc" would have the correct SELinux
label but "libvirt" would not.
Signed-off-by: Jason Zaman <jason <AT> perfinion.com>
sh/tmpfiles.sh.in | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/sh/tmpfiles.sh.in b/sh/tmpfiles.sh.in
index 89bd03e..43442d7 100644
--- a/sh/tmpfiles.sh.in
+++ b/sh/tmpfiles.sh.in
@@ -53,10 +53,18 @@ relabel() {
done
}
+splitpath() {
+ local path=$1
+ while [ -n "$path" ]; do
+ echo $path
+ path=${path%/*}
+ done
+}
+
_restorecon() {
local path=$1
if [ -x /sbin/restorecon ]; then
- dryrun_or_real restorecon -F "$path"
+ dryrun_or_real restorecon -F $(splitpath "$path")
fi
}
@@ -122,6 +130,7 @@ _d() {
if [ ! -d "$path" ]; then
dryrun_or_real mkdir -p "$path" 2>/dev/null
+ _restorecon "$path"
dryrun_or_real $CHECKPATH -dq -m "$mode" -o "$uid:$gid" "$path"
fi
}
@@ -137,6 +146,7 @@ _D() {
if [ $CREATE -gt 0 ]; then
dryrun_or_real mkdir -p "$path" 2>/dev/null
+ _restorecon "$path"
dryrun_or_real $CHECKPATH -Dq -m "$mode" -o "$uid:$gid" "$path"
fi
}
