From 6a422982579786cb8308af04ccca6622afa06e50 Mon Sep 17 00:00:00 2001
From: Jason Zaman
Date: Sat, 11 Jul 2015 00:45:11 +0400
Subject: [PATCH] tmpfiles: run restorecon on the entire path

The tmpfiles "d" entry will create a full path and only the last dir in the path will have its SELinux label set correctly. This patch will restorecon the parents as well so that the selinux labels are correct. eg, "d /run/libvirt/lxc", then "lxc" would have the correct SELinux label but "libvirt" would not.

Signed-off-by: Jason Zaman
---
 sh/tmpfiles.sh.in | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/sh/tmpfiles.sh.in b/sh/tmpfiles.sh.in
index 89bd03e8..43442d79 100644
--- a/sh/tmpfiles.sh.in
+++ b/sh/tmpfiles.sh.in
@@ -53,10 +53,18 @@ relabel() {
 done
 }
 
+splitpath() {
+ local path=$1
+ while [ -n "$path" ]; do
+ echo $path
+ path=${path%/*}
+ done
+}
+
 _restorecon() {
 local path=$1
 if [ -x /sbin/restorecon ]; then
- dryrun_or_real restorecon -F "$path"
+ dryrun_or_real restorecon -F $(splitpath "$path")
 fi
 }
 
@@ -122,6 +130,7 @@ _d() {
 
 if [ ! -d "$path" ]; then
 dryrun_or_real mkdir -p "$path" 2>/dev/null
+ _restorecon "$path"
 dryrun_or_real $CHECKPATH -dq -m "$mode" -o "$uid:$gid" "$path"
 fi
 }
@@ -137,6 +146,7 @@ _D() {
 
 if [ $CREATE -gt 0 ]; then
 dryrun_or_real mkdir -p "$path" 2>/dev/null
+ _restorecon "$path"
 dryrun_or_real $CHECKPATH -Dq -m "$mode" -o "$uid:$gid" "$path"
 fi
 }
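Review bot: In `_restorecon`, the unquoted `$(splitpath "$path")` (and the unquoted `echo $path` inside `splitpath`) undergoes word splitting and pathname expansion, so a tmpfiles.d path containing whitespace or glob characters makes root run `restorecon -F` on paths other than the ones configured. `splitpath` also never terminates when its argument contains no `/`, because `${path%/*}` then leaves the value unchanged; whether callers guarantee an absolute path is not visible in this hunk. Walking the components inside `_restorecon` with each one quoted avoids both problems and makes the helper unnecessary, at the cost of one restorecon invocation per component.

```shell
_restorecon() {
	local path=$1
	if [ -x /sbin/restorecon ]; then
		# Relabel the path and each parent, one quoted argument at a time.
		while [ -n "$path" ]; do
			dryrun_or_real restorecon -F "$path"
			case $path in
				*/*) path=${path%/*} ;;
				*) break ;;  # no slash left: stop instead of looping forever
			esac
		done
	fi
}
```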
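Review bot: The `_restorecon "$path"` call added after `mkdir -p` in `_d` (and identically in `_D` in the following hunk) force-relabels every parent of the path, not only the directories this run created. For the commit's own example, `/run/libvirt` and `/run` are both reset with `-F`. Because `-F` also resets customizable types and the user, role and range fields, a context an administrator set deliberately on a pre-existing parent would be reverted each time tmpfiles runs. I would document this above the call, e.g. `# relabels $path and all of its parents with restorecon -F, including directories that already existed`, and consider restricting the walk to components that were missing before `mkdir -p`. The call also runs when `mkdir -p` failed, since its status is not checked and its stderr is discarded; both function bodies begin outside these hunks.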