shaba/dracut
1
0
Fork 0
mirror of https://github.com/dracutdevs/dracut.git synced 2024-10-26 07:55:28 +03:00
Code Issues Projects Releases Wiki Activity

fix(dracut-initramfs-restore.sh): do not set selinux labels if disabled

Browse Source 
Also, it's not enough to check if `SELINUX=disabled` in /etc/selinux/config,
because it can be disabled via kernel command line options.
This commit is contained in:
Antonio Alvarez Feijoo 2023-09-12 15:07:16 +02:00 committed by Laszlo Gombos
parent 1586af098f
commit 4d594210d6
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
dracut-initramfs-restore.sh
View File

@ -75,9 +75,12 @@ if [[ -d squash ]]; then
fi
fi
if [ -e /etc/selinux/config -a -x /usr/sbin/setfiles ]; then
if grep -q -w selinux /sys/kernel/security/lsm 2> /dev/null \
&& [ -e /etc/selinux/config -a -x /usr/sbin/setfiles ]; then
. /etc/selinux/config
[ -n "${SELINUXTYPE}" ] && /usr/sbin/setfiles -v -r /run/initramfs /etc/selinux/"${SELINUXTYPE}"/contexts/files/file_contexts /run/initramfs > /dev/null
if [[ $SELINUX != "disabled" && -n $SELINUXTYPE ]]; then
/usr/sbin/setfiles -v -r /run/initramfs /etc/selinux/"${SELINUXTYPE}"/contexts/files/file_contexts /run/initramfs > /dev/null
fi
fi
exit 0