aboutsummaryrefslogtreecommitdiffstats
path: root/recipes-security/selinux-scripts/selinux-labeldev/selinux-labeldev.sh
diff options
context:
space:
mode:
Diffstat (limited to 'recipes-security/selinux-scripts/selinux-labeldev/selinux-labeldev.sh')
-rw-r--r--recipes-security/selinux-scripts/selinux-labeldev/selinux-labeldev.sh24
1 files changed, 24 insertions, 0 deletions
diff --git a/recipes-security/selinux-scripts/selinux-labeldev/selinux-labeldev.sh b/recipes-security/selinux-scripts/selinux-labeldev/selinux-labeldev.sh
new file mode 100644
index 0000000..62e7a42
--- /dev/null
+++ b/recipes-security/selinux-scripts/selinux-labeldev/selinux-labeldev.sh
@@ -0,0 +1,24 @@
+#!/bin/sh
+
+/usr/sbin/selinuxenabled 2>/dev/null || exit 0
+
+CHCON=/usr/bin/chcon
+MATCHPATHCON=/usr/sbin/matchpathcon
+RESTORECON=/sbin/restorecon
+
+for i in ${CHCON} ${MATCHPATHCON} ${RESTORECON}; do
+ test -x $i && continue
+ echo "$i is missing in the system."
+ echo "Please add \"selinux=0\" in the kernel command line to disable SELinux."
+ exit 1
+done
+
+# Because /dev/console is not relabeled by kernel, many commands
+# would can not use it, including restorecon.
+${CHCON} -t `${MATCHPATHCON} -n /dev/null | cut -d: -f3` /dev/null
+${CHCON} -t `${MATCHPATHCON} -n /dev/console | cut -d: -f3` /dev/console
+
+# Now, we should relabel /dev for most services.
+${RESTORECON} -RF /dev
+
+exit 0
generated by cgit 1.2.3-korg (git 2.39.0) at 2024-05-04 15:22:15 +0000