|
 |
709a1f |
From 9bcf8ad7b9b6d8d761f7d097196b2b9bc114fa0a Mon Sep 17 00:00:00 2001
|
|
|
709a1f |
From: Petr Lautrbach <plautrba@redhat.com>
|
|
|
709a1f |
Date: Tue, 2 Jul 2019 17:12:07 +0200
|
|
|
709a1f |
Subject: [PATCH] policycoreutils/fixfiles: Force full relabel when SELinux is
|
|
|
709a1f |
disabled
|
|
|
709a1f |
|
|
|
709a1f |
The previous check used getfilecon to check whether / slash contains a label,
|
|
|
709a1f |
but getfilecon fails only when SELinux is disabled. Therefore it's better to
|
|
|
709a1f |
check this using selinuxenabled.
|
|
|
709a1f |
|
|
|
709a1f |
Signed-off-by: Petr Lautrbach <plautrba@redhat.com>
|
|
|
709a1f |
---
|
|
|
709a1f |
policycoreutils/scripts/fixfiles | 4 ++--
|
|
|
709a1f |
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
|
709a1f |
|
|
|
709a1f |
diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles
|
|
|
709a1f |
index 9dd44213..a9d27d13 100755
|
|
|
709a1f |
--- a/policycoreutils/scripts/fixfiles
|
|
|
709a1f |
+++ b/policycoreutils/scripts/fixfiles
|
|
|
709a1f |
@@ -314,8 +314,8 @@ case "$1" in
|
|
|
709a1f |
> /.autorelabel || exit $?
|
|
|
709a1f |
[ -z "$FORCEFLAG" ] || echo -n "$FORCEFLAG " >> /.autorelabel
|
|
|
709a1f |
[ -z "$BOOTTIME" ] || echo -N $BOOTTIME >> /.autorelabel
|
|
|
709a1f |
- # Force full relabel if / does not have a label on it
|
|
|
709a1f |
- getfilecon / > /dev/null 2>&1 || echo -F >/.autorelabel
|
|
|
709a1f |
+ # Force full relabel if SELinux is not enabled
|
|
|
709a1f |
+ selinuxenabled || echo -F > /.autorelabel
|
|
|
709a1f |
echo "System will relabel on next boot"
|
|
|
709a1f |
;;
|
|
|
709a1f |
*)
|
|
|
709a1f |
--
|
|
|
709a1f |
2.21.0
|
|
|
709a1f |
|