| Message ID | 20190924190854.245105-2-plautrba@redhat.com (mailing list archive) |
|---|---|
| State | Accepted |
| Headers | show |
| Series | [1/2] policycoreutils/fixfiles: Fix [-B] [-F] onboot | expand |
On 9/24/19 3:08 PM, Petr Lautrbach wrote: > The previous check used getfilecon to check whether / slash contains a label, > but getfilecon fails only when SELinux is disabled. Therefore it's better to > check this using selinuxenabled. Thanks, applied both patches. > > Signed-off-by: Petr Lautrbach <plautrba@redhat.com> > --- > policycoreutils/scripts/fixfiles | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles > index 678fca40..ab0848ff 100755 > --- a/policycoreutils/scripts/fixfiles > +++ b/policycoreutils/scripts/fixfiles > @@ -313,8 +313,8 @@ case "$1" in > > /.autorelabel || exit $? > [ -z "$FORCEFLAG" ] || echo -n "$FORCEFLAG " >> /.autorelabel > [ -z "$BOOTTIME" ] || echo -N $BOOTTIME >> /.autorelabel > - # Force full relabel if / does not have a label on it > - getfilecon / > /dev/null 2>&1 || echo -F >/.autorelabel > + # Force full relabel if SELinux is not enabled > + selinuxenabled || echo -F > /.autorelabel > echo "System will relabel on next boot" > ;; > *) >
diff --git a/policycoreutils/scripts/fixfiles b/policycoreutils/scripts/fixfiles index 678fca40..ab0848ff 100755 --- a/policycoreutils/scripts/fixfiles +++ b/policycoreutils/scripts/fixfiles @@ -313,8 +313,8 @@ case "$1" in > /.autorelabel || exit $? [ -z "$FORCEFLAG" ] || echo -n "$FORCEFLAG " >> /.autorelabel [ -z "$BOOTTIME" ] || echo -N $BOOTTIME >> /.autorelabel - # Force full relabel if / does not have a label on it - getfilecon / > /dev/null 2>&1 || echo -F >/.autorelabel + # Force full relabel if SELinux is not enabled + selinuxenabled || echo -F > /.autorelabel echo "System will relabel on next boot" ;; *)
The previous check used getfilecon to check whether / slash contains a label, but getfilecon fails only when SELinux is disabled. Therefore it's better to check this using selinuxenabled. Signed-off-by: Petr Lautrbach <plautrba@redhat.com> --- policycoreutils/scripts/fixfiles | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)