#!/bin/bash
#
# Do automatic relabelling
#
# . /etc/init.d/functions
# If the user has this (or similar) UEFI boot order:
#
# Windows | grub | Linux
#
# And decides to boot into grub/Linux, then the reboot at the end of autorelabel
# would cause the system to boot into Windows again, if the autorelabel was run.
#
# This function restores the UEFI boot order, so the user will boot into the
# previously set (and expected) partition.
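efi_set_boot_next() {
  # Point the firmware's one-shot BootNext entry at the entry we booted from,
  # unless something else has already set BootNext.
  #
  # Returns: 0 when there is nothing to do (efibootmgr unusable, or BootNext
  #          already set), 1 when BootCurrent cannot be parsed, otherwise
  #          the exit status of 'efibootmgr -n'.
  local boot_state current_boot

  # NOTE: The [ -x /usr/sbin/efibootmgr ] test is not sufficient -- it could
  # succeed even on a system which is not EFI-enabled, so run the tool and
  # keep its listing. Working from one snapshot also guarantees that both
  # checks below look at the same firmware state.
  if ! boot_state="$(efibootmgr 2> /dev/null)"; then
    return 0
  fi

  # NOTE: It is possible that some other service has set the 'BootNext' item
  # for its own reasons, and we shouldn't override it if so. The pattern is
  # anchored so that a boot entry whose label merely contains the word
  # "BootNext" is not mistaken for the BootNext variable.
  if grep --quiet -e '^BootNext:' <<< "${boot_state}"; then
    return 0
  fi

  # Take the hex id from the "BootCurrent: XXXX" line only; anchoring keeps
  # entry labels from contributing extra lines to the value.
  current_boot="$(sed -n -r -e 's/^BootCurrent:[[:space:]]*([[:xdigit:]]+).*$/\1/p' \
    <<< "${boot_state}" | head -n 1)"

  # Never hand an empty id to efibootmgr: without a BootCurrent value there
  # is nothing meaningful to restore.
  if [[ -z "${current_boot}" ]]; then
    return 1
  fi

  efibootmgr -n "${current_boot}" > /dev/null 2>&1
}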
relabel_selinux() {
  # Run the pending SELinux relabel -- or hand the operator a maintenance
  # shell when /etc/selinux/config sets AUTORELABEL=0 -- and then reboot.
  #
  # If /sbin/init is not labeled correctly this process is running in the
  # wrong context, so a reboot is required once the relabel is done.
  AUTORELABEL=
  # The config file is sourced, i.e. executed as shell code with this
  # script's privileges; SELINUXTYPE and AUTORELABEL are read from it below.
  . /etc/selinux/config
  # Enforcement is switched off for the rest of this boot; nothing in this
  # function turns it back on, the reboot at the end does.
  echo "0" > /sys/fs/selinux/enforce
  if [ -x /bin/plymouth ]; then
    plymouth --quit
  fi

  if [ "$AUTORELABEL" != "0" ]; then
    echo
    echo $"*** Warning -- SELinux ${SELINUXTYPE} policy relabel is required."
    echo $"*** Relabeling could take a very long time, depending on file"
    echo $"*** system size and speed of hard drives."

    # The contents of /.autorelabel become fixfiles arguments. $FORCE is
    # left unquoted on purpose so that several options split into words;
    # it also means whoever can write that file chooses those arguments.
    FORCE=$(cat /.autorelabel)
    if [ -x "/usr/sbin/quotaoff" ]; then
      /usr/sbin/quotaoff -aug
    fi
    /sbin/fixfiles $FORCE restore
  else
    # Manual mode: sulogin runs after enforcement was switched off above.
    echo
    echo $"*** Warning -- SELinux ${SELINUXTYPE} policy relabel is required. "
    echo $"*** /etc/selinux/config indicates you want to manually fix labeling"
    echo $"*** problems. Dropping you to a shell; the system will reboot"
    echo $"*** when you leave the shell."
    sulogin
  fi

  # Remove the trigger file first so the next boot does not relabel again.
  rm -f /.autorelabel
  /usr/lib/dracut/dracut-initramfs-restore
  efi_set_boot_next
  if [ -x /usr/bin/grub2-editenv ]; then
    # NOTE(review): presumably keeps this extra reboot from being counted
    # as a failed boot by grub -- confirm against the grub configuration.
    grub2-editenv - incr boot_indeterminate > /dev/null 2>&1
  fi
  sync
  systemctl reboot
}
# Entry point: do nothing when READONLY is "yes"; otherwise fix the labels of
# the mount points themselves and then run the full relabel.
case "$READONLY" in
  yes) ;;
  *)
    # awk picks field 2 (the mount point) of every /etc/fstab line that is
    # not a comment, is not marked noauto and whose mount point starts with
    # "/". The substitution is unquoted so each mount point is passed to
    # restorecon as its own argument; errors are discarded.
    restorecon $(awk '!/^#/ && $4 !~ /noauto/ && $2 ~ /^\// { print $2 }' /etc/fstab) > /dev/null 2>&1
    relabel_selinux
    ;;
esac