Tree - rpms/policycoreutils - CentOS Git server

rpms / policycoreutils

Files

Blob Blame History Raw

 #!/bin/bash
#
# Do automatic relabelling
#
 
# . /etc/init.d/functions
 
# If the user has this (or similar) UEFI boot order:
#
#             Windows | grub | Linux
#
# And decides to boot into grub/Linux, then the reboot at the end of autorelabel
# would cause the system to boot into Windows again, if the autorelabel was run.
#
# This function restores the UEFI boot order, so the user will boot into the
# previously set (and expected) partition.
efi_set_boot_next() {
    # NOTE: The [ -x /usr/sbin/efibootmgr ] test is not sufficent -- it could
    #       succeed even on system which is not EFI-enabled...
    if ! efibootmgr > /dev/null 2>&1; then
        return
    fi
 
    # NOTE: It it possible that some other services might be setting the
    #       'BootNext' item for any reasons, and we shouldn't override it if so.
    if ! efibootmgr | grep --quiet -e 'BootNext'; then
        CURRENT_BOOT="$(efibootmgr | grep -e 'BootCurrent' | sed -re 's/(^.+:[[:space:]]*)([[:xdigit:]]+)/\2/')"
        efibootmgr -n "${CURRENT_BOOT}" > /dev/null 2>&1
    fi
}
 
relabel_selinux() {
    # if /sbin/init is not labeled correctly this process is running in the
    # wrong context, so a reboot will be required after relabel
    AUTORELABEL=
    . /etc/selinux/config
    echo "0" > /sys/fs/selinux/enforce
    [ -x /bin/plymouth ] && plymouth --quit
 
    if [ "$AUTORELABEL" = "0" ]; then
	echo
	echo $"*** Warning -- SELinux ${SELINUXTYPE} policy relabel is required. "
	echo $"*** /etc/selinux/config indicates you want to manually fix labeling"
	echo $"*** problems. Dropping you to a shell; the system will reboot"
	echo $"*** when you leave the shell."
	sulogin
 
    else
	echo
	echo $"*** Warning -- SELinux ${SELINUXTYPE} policy relabel is required."
	echo $"*** Relabeling could take a very long time, depending on file"
	echo $"*** system size and speed of hard drives."
 
	FORCE=`cat /.autorelabel`
        [ -x "/usr/sbin/quotaoff" ] && /usr/sbin/quotaoff -aug
	/sbin/fixfiles $FORCE restore
    fi
 
    rm -f  /.autorelabel
    /usr/lib/dracut/dracut-initramfs-restore
    efi_set_boot_next
    if [ -x /usr/bin/grub2-editenv ]; then
        grub2-editenv - incr boot_indeterminate >/dev/null 2>&1
    fi
    sync
    systemctl reboot
}
 
# Check to see if a full relabel is needed
if [ "$READONLY" != "yes" ]; then
    restorecon $(awk '!/^#/ && $4 !~ /noauto/ && $2 ~ /^\// { print $2 }' /etc/fstab) >/dev/null 2>&1
    relabel_selinux
fi

	#!/bin/bash
	#
	# Do automatic relabelling
	#

	# . /etc/init.d/functions

	# If the user has this (or similar) UEFI boot order:
	#
	# Windows \| grub \| Linux
	#
	# And decides to boot into grub/Linux, then the reboot at the end of autorelabel
	# would cause the system to boot into Windows again, if the autorelabel was run.
	#
	# This function restores the UEFI boot order, so the user will boot into the
	# previously set (and expected) partition.
	efi_set_boot_next() {
	# NOTE: The [ -x /usr/sbin/efibootmgr ] test is not sufficent -- it could
	# succeed even on system which is not EFI-enabled...
	if ! efibootmgr > /dev/null 2>&1; then
	return
	fi

	# NOTE: It it possible that some other services might be setting the
	# 'BootNext' item for any reasons, and we shouldn't override it if so.
	if ! efibootmgr \| grep --quiet -e 'BootNext'; then
	CURRENT_BOOT="$(efibootmgr \| grep -e 'BootCurrent' \| sed -re 's/(^.+:[[:space:]]*)([[:xdigit:]]+)/\2/')"
	efibootmgr -n "${CURRENT_BOOT}" > /dev/null 2>&1
	fi
	}

	relabel_selinux() {
	# if /sbin/init is not labeled correctly this process is running in the
	# wrong context, so a reboot will be required after relabel
	AUTORELABEL=
	. /etc/selinux/config
	echo "0" > /sys/fs/selinux/enforce
	[ -x /bin/plymouth ] && plymouth --quit

	if [ "$AUTORELABEL" = "0" ]; then
	echo
	echo $"*** Warning -- SELinux ${SELINUXTYPE} policy relabel is required. "
	echo $"*** /etc/selinux/config indicates you want to manually fix labeling"
	echo $"*** problems. Dropping you to a shell; the system will reboot"
	echo $"*** when you leave the shell."
	sulogin

	else
	echo
	echo $"*** Warning -- SELinux ${SELINUXTYPE} policy relabel is required."
	echo $"*** Relabeling could take a very long time, depending on file"
	echo $"*** system size and speed of hard drives."

	FORCE=`cat /.autorelabel`
	[ -x "/usr/sbin/quotaoff" ] && /usr/sbin/quotaoff -aug
	/sbin/fixfiles $FORCE restore
	fi

	rm -f /.autorelabel
	/usr/lib/dracut/dracut-initramfs-restore
	efi_set_boot_next
	if [ -x /usr/bin/grub2-editenv ]; then
	grub2-editenv - incr boot_indeterminate >/dev/null 2>&1
	fi
	sync
	systemctl reboot
	}

	# Check to see if a full relabel is needed
	if [ "$READONLY" != "yes" ]; then
	restorecon $(awk '!/^#/ && $4 !~ /noauto/ && $2 ~ /^\// { print $2 }' /etc/fstab) >/dev/null 2>&1
	relabel_selinux
	fi

rpms / policycoreutils

Source Code

Files