From 477d822d19447d8f34cd6b9c2457aef2f17dbe51 Mon Sep 17 00:00:00 2001
From: Bill Nottingham <notting@redhat.com>
Date: Wed, 25 Aug 2004 19:02:43 +0000
Subject: do a SELinux relabel if forced

---
 rc.d/rc.sysinit | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

(limited to 'rc.d')

diff --git a/rc.d/rc.sysinit b/rc.d/rc.sysinit
index c726784e..69e429d6 100755
--- a/rc.d/rc.sysinit
+++ b/rc.d/rc.sysinit
@@ -53,6 +53,24 @@ disable_selinux() {
 	echo "0" > $selinuxfs/enforce
 }
 
+relabel_selinux() {
+    echo "
+         *** Warning -- SELinux relabel is required. ***
+	 *** Disabling security enforcement.         ***
+	 *** Relabeling could take a very long time, ***
+	 *** depending on file system size.          ***
+	 "
+    echo "0" > $selinuxfs/enforce
+    mount -n -o remount,rw /
+    mount -a
+    /sbin/fixfiles -F relabel > /dev/null 2>&1 
+    rm -f  /.autorelabel 
+    mount -n -o remount,ro /
+    umount -a
+    echo "*** Enabling security enforcement.         ***"
+    echo $SELINUX > $selinuxfs/enforce
+}
+
 
 . /etc/init.d/functions
 
@@ -333,6 +351,10 @@ if [ -z "$fastboot" -a "$READONLY" != "yes" -a "X$ROOTFSTYPE" != "Xnfs" -a "X$RO
 		_RUN_QUOTACHECK=1
 	fi
 fi
+#
+# Check to see if SELinux requires a relabel
+#
+[ -n "$SELINUX" ] && [ -f /.autorelabel ] && relabel_selinux
 
 # Unmount the initrd, if necessary
 if LC_ALL=C fgrep -q /initrd /proc/mounts && ! LC_ALL=C fgrep -q /initrd/loopfs /proc/mounts ; then
-- 
cgit v1.2.1