aboutsummaryrefslogtreecommitdiffstats
path: root/systemd/rhel-autorelabel
blob: 2c2099f276f90c8922f33498061145bdb8288cd7 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
#!/bin/bash
#
# Do automatic relabelling
#

. /etc/init.d/functions

relabel_selinux() {
    # if /sbin/init is not labeled correctly this process is running in the
    # wrong context, so a reboot will be required after relabel
    AUTORELABEL=
    . /etc/selinux/config
    echo "0" > /sys/fs/selinux/enforce
    [ -x /bin/plymouth ] && plymouth --hide-splash

    if [ "$AUTORELABEL" = "0" ]; then
	echo
	echo $"*** Warning -- SELinux ${SELINUXTYPE} policy relabel is required. "
	echo $"*** /etc/selinux/config indicates you want to manually fix labeling"
	echo $"*** problems. Dropping you to a shell; the system will reboot"
	echo $"*** when you leave the shell."
	sulogin

    else
	echo
	echo $"*** Warning -- SELinux ${SELINUXTYPE} policy relabel is required."
	echo $"*** Relabeling could take a very long time, depending on file"
	echo $"*** system size and speed of hard drives."

	FORCE=`cat /.autorelabel`
        [ -x "/usr/sbin/quotaoff" ] && /usr/sbin/quotaoff -aug
	/sbin/fixfiles $FORCE restore > /dev/null 2>&1
    fi
    rm -f  /.autorelabel
    /usr/lib/dracut/dracut-initramfs-restore
    sync
    systemctl --force reboot
}

# Check to see if a full relabel is needed
if [ "$READONLY" != "yes" ]; then
    restorecon $(awk '!/^#/ && $4 !~ /noauto/ && $2 ~ /^\// { print $2 }' /etc/fstab) >/dev/null 2>&1
    relabel_selinux
fi