File fixfiles.patch of Package microos-tools
diff --git a/selinux/98selinux-microos/selinux-microos-relabel.sh b/selinux/98selinux-microos/selinux-microos-relabel.sh
index 8150673..044f5b7 100755
--- a/selinux/98selinux-microos/selinux-microos-relabel.sh
+++ b/selinux/98selinux-microos/selinux-microos-relabel.sh
@@ -78,16 +78,21 @@ rd_microos_relabel()
. "${ROOT_SELINUX}"/etc/selinux/config
# Marker when we had relabelled the filesystem. This is relabelled as well.
> "${ROOT_SELINUX}"/etc/selinux/.relabelled
- if [ -n "$etc_is_overlay" ]; then
- LANG=C chroot "$ROOT_SELINUX" /sbin/setfiles $FORCE -T 0 -e /var/lib/overlay -e /proc -e /sys -e /dev -e /etc "/etc/selinux/${SELINUXTYPE}/contexts/files/file_contexts" $(chroot "$ROOT_SELINUX" cut -d" " -f2 /proc/mounts)
- # On overlayfs, st_dev isn't consistent so setfiles thinks it's a different mountpoint, ignoring it.
- # st_dev changes also on copy-up triggered by setfiles itself, so the only way to relabel properly
- # is to list every file explicitly.
- # That's not all: There's a kernel bug that security.selinux of parent directories is lost on copy-up (bsc#1210690).
- # Work around that by visiting children first and only then the parent directories.
- LANG=C chroot "$ROOT_SELINUX" find /etc -depth -exec /sbin/setfiles $FORCE "/etc/selinux/${SELINUXTYPE}/contexts/files/file_contexts" \{\} +
+ if [ -f "$NEWROOT"/etc/selinux/.file_contexts.pre ]; then
+ LANG=C chroot "$ROOT_SELINUX" /sbin/fixfiles -C "$NEWROOT"/etc/selinux/.file_contexts.pre -T 0 restore
+ rm -f "$NEWROOT"/etc/selinux/.file_contexts.pre
else
- LANG=C chroot "$ROOT_SELINUX" /sbin/setfiles $FORCE -T 0 -e /proc -e /sys -e /dev "/etc/selinux/${SELINUXTYPE}/contexts/files/file_contexts" $(chroot "$ROOT_SELINUX" cut -d" " -f2 /proc/mounts)
+ if [ -n "$etc_is_overlay" ]; then
+ LANG=C chroot "$ROOT_SELINUX" /sbin/setfiles $FORCE -T 0 -e /var/lib/overlay -e /proc -e /sys -e /dev -e /etc "/etc/selinux/${SELINUXTYPE}/contexts/files/file_contexts" $(chroot "$ROOT_SELINUX" cut -d" " -f2 /proc/mounts)
+ # On overlayfs, st_dev isn't consistent so setfiles thinks it's a different mountpoint, ignoring it.
+ # st_dev changes also on copy-up triggered by setfiles itself, so the only way to relabel properly
+ # is to list every file explicitly.
+ # That's not all: There's a kernel bug that security.selinux of parent directories is lost on copy-up (bsc#1210690).
+ # Work around that by visiting children first and only then the parent directories.
+ LANG=C chroot "$ROOT_SELINUX" find /etc -depth -exec /sbin/setfiles $FORCE "/etc/selinux/${SELINUXTYPE}/contexts/files/file_contexts" \{\} +
+ else
+ LANG=C chroot "$ROOT_SELINUX" /sbin/setfiles $FORCE -T 0 -e /proc -e /sys -e /dev "/etc/selinux/${SELINUXTYPE}/contexts/files/file_contexts" $(chroot "$ROOT_SELINUX" cut -d" " -f2 /proc/mounts)
+ fi
fi
if [ -n "$root_is_btrfs" ]; then
btrfs prop set "${ROOT_SELINUX}" ro "${oldrovalue}"
@@ -112,7 +117,7 @@ if [ -e "$NEWROOT"/.autorelabel ] && [ "$NEWROOT"/.autorelabel -nt "$NEWROOT"/et
fi
if rd_is_selinux_enabled; then
- if [ -f "$NEWROOT"/etc/selinux/.autorelabel ] || getarg "autorelabel" > /dev/null; then
+ if [ -f "$NEWROOT"/etc/selinux/.autorelabel ] || getarg "autorelabel" > /dev/null || [ -f "$NEWROOT"/etc/selinux/.file_contexts.pre ]; then
if ! rd_microos_relabel; then
warn "SELinux autorelabelling failed!"
return 1
