tmpfiles: run restorecon on the entire path

The tmpfiles "d" entry creates the full path, but only the last directory
in the path has its SELinux label set correctly. This patch runs restorecon
on the parent directories as well so that their SELinux labels are correct.

eg, "d /run/libvirt/lxc", then "lxc" would have the correct SELinux
label but "libvirt" would not.

Signed-off-by: Jason Zaman <jason@perfinion.com>
Jason Zaman 2015-07-11 00:45:11 +04:00 committed by Doug Freed
parent f69833a1e1
commit 6a42298257


@ -53,10 +53,18 @@ relabel() {
done done
} }
splitpath() {
local path=$1
while [ -n "$path" ]; do
echo $path
path=${path%/*}
done
}
_restorecon() { _restorecon() {
local path=$1 local path=$1
if [ -x /sbin/restorecon ]; then if [ -x /sbin/restorecon ]; then
dryrun_or_real restorecon -F "$path" dryrun_or_real restorecon -F $(splitpath "$path")
fi fi
} }
@ -122,6 +130,7 @@ _d() {
if [ ! -d "$path" ]; then if [ ! -d "$path" ]; then
dryrun_or_real mkdir -p "$path" 2>/dev/null dryrun_or_real mkdir -p "$path" 2>/dev/null
_restorecon "$path"
dryrun_or_real $CHECKPATH -dq -m "$mode" -o "$uid:$gid" "$path" dryrun_or_real $CHECKPATH -dq -m "$mode" -o "$uid:$gid" "$path"
fi fi
} }
@ -137,6 +146,7 @@ _D() {
if [ $CREATE -gt 0 ]; then if [ $CREATE -gt 0 ]; then
dryrun_or_real mkdir -p "$path" 2>/dev/null dryrun_or_real mkdir -p "$path" 2>/dev/null
_restorecon "$path"
dryrun_or_real $CHECKPATH -Dq -m "$mode" -o "$uid:$gid" "$path" dryrun_or_real $CHECKPATH -Dq -m "$mode" -o "$uid:$gid" "$path"
fi fi
} }
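Review bot: In `_restorecon`, `restorecon -F $(splitpath "$path")` and the `echo $path` inside `splitpath` are unquoted, so a tmpfiles path containing whitespace or glob characters is word-split and pathname-expanded, and `restorecon -F` is then run on names the entry never listed. `splitpath` also never terminates once the path has no `/` left (a relative or single-component path), because `${path%/*}` returns it unchanged; whether such paths are rejected before `_d`/`_D` call `_restorecon` is not visible here. Walking the components inside `_restorecon` with each one quoted avoids both, as sketched below. The walk still force-relabels every existing ancestor up to the top-level directory, so it is worth confirming that resetting labels on directories this entry did not create is intended.

```shell
	if [ -x /sbin/restorecon ]; then
		# relabel the target and each parent, one quoted path per call
		while [ -n "$path" ]; do
			dryrun_or_real restorecon -F "$path"
			case $path in
				*/*) path=${path%/*} ;;
				*) break ;;  # no slash left: stop instead of looping forever
			esac
		done
	fi
```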