From 787c9e9dcf1b927514d6540de448c53180eb1250 Mon Sep 17 00:00:00 2001
From: Jason Zaman
Date: Mon, 14 Jul 2014 19:59:39 +0400
Subject: [PATCH] tmpfiles: set the proper SELinux context

When files are created in SELinux, they inherit the context of whoever created them. This will restore the label after creating any files/dirs.

Signed-off-by: Jason Zaman
---
 sh/tmpfiles.sh.in | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/sh/tmpfiles.sh.in b/sh/tmpfiles.sh.in
index 66612fc..acab6f2 100755
--- a/sh/tmpfiles.sh.in
+++ b/sh/tmpfiles.sh.in
@@ -52,12 +52,18 @@ relabel() {
 done
 }
 
+_restorecon() {
+ local path=$1
+ [ -x /sbin/restorecon ] && dryrun_or_real restorecon -F "$path"
+}
+
 _b() {
 # Create a block device node if it doesn't exist yet
 local path=$1 mode=$2 uid=$3 gid=$4 age=$5 arg=$6
 if [ ! -e "$path" ]; then
 dryrun_or_real mknod -m $mode $path b ${arg%:*} ${arg#*:}
 dryrun_or_real chown $uid:$gid $path
+ _restorecon "$path"
 fi
 }
 
@@ -67,6 +73,7 @@ _c() {
 if [ ! -e "$path" ]; then
 dryrun_or_real mknod -m $mode $path c ${arg%:*} ${arg#*:}
 dryrun_or_real chown $uid:$gid $path
+ _restorecon "$path"
 fi
 }
 
@@ -80,6 +87,7 @@ _f() {
 if [ ! -e "$path" ]; then
 dryrun_or_real install -m"$mode" -o"$uid" -g"$gid" /dev/null "$path"
 [ -z "$arg" ] || _w "$@"
+ _restorecon "$path"
 fi
 }
 
@@ -91,6 +99,7 @@ _F() {
 
 dryrun_or_real install -m"$mode" -o"$uid" -g"$gid" /dev/null "$path"
 [ -z "$arg" ] || _w "$@"
+ _restorecon "$path"
 }
 
 _d() {
@@ -101,6 +110,7 @@ _d() {
 
 if [ ! -d "$path" ]; then
 dryrun_or_real install -d -m"$mode" -o"$uid" -g"$gid" "$path"
+ _restorecon "$path"
 fi
 }
 
@@ -110,10 +120,12 @@ _D() {
 
 if [ -d "$path" ] && [ $REMOVE -gt 0 ]; then
 dryrun_or_real find "$path" -mindepth 1 -maxdepth 1 -xdev -exec rm -rf {} +
+ _restorecon "$path"
 fi
 
 if [ $CREATE -gt 0 ]; then
 dryrun_or_real install -d -m"$mode" -o"$uid" -g"$gid" "$path"
+ _restorecon "$path"
 fi
 }
 
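Review bot: The new `_restorecon` helper tests `/sbin/restorecon` for executability but then runs `restorecon` through `PATH`, so the binary that was checked is not necessarily the one that executes; in a script that normally runs as root it should invoke the path it tested, `dryrun_or_real /sbin/restorecon -F "$path"`. The `[ -x ... ] && ...` form also makes the helper return non-zero when restorecon is absent, and that status becomes the result of `_F` and `_L` (where the call is the last command) and of the `if` bodies in `_b`, `_c`, `_f`, `_d`, `_D` and `_p`. Whether the caller counts that as a failure is not visible in this patch, but starting the helper with `[ -x /sbin/restorecon ] || return 0` avoids the question. A short header comment such as `# Reset the SELinux label of $1 to the policy default; no-op when restorecon is not installed` would document the intent.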
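Review bot: In `_D`, the first added `_restorecon "$path"` sits in the REMOVE branch, where the directory is only emptied and nothing is created, so it relabels a directory that already existed. Because the helper passes `-F`, the whole context is reset, including a customizable type an administrator may have set on that directory on purpose. If the goal is what the commit message states, restoring the label after creating files or directories, drop the call from the REMOVE branch and keep the one after `install -d`. `_D` begins before this hunk, so its argument handling is not visible here.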
@@ -121,6 +133,7 @@ _L() {
 # Create a symlink if it doesn't exist yet
 local path=$1 mode=$2 uid=$3 gid=$4 age=$5 arg=$6
 [ ! -e "$path" ] && dryrun_or_real ln -s "$arg" "$path"
+ _restorecon "$path"
 }
 
 _p() {
@@ -132,6 +145,7 @@ _p() {
 if [ ! -p "$path" ]; then
 dryrun_or_real mkfifo -m$mode "$path"
 dryrun_or_real chown "$uid:$gid" "$path"
+ _restorecon "$path"
 fi
 }
 
-- 
1.8.5.5
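Review bot: In `_L` the added `_restorecon "$path"` runs unconditionally, while the `ln -s` on the line before it is guarded by `[ ! -e "$path" ]`. When the path already exists, no link is created but the helper still force-relabels (`-F`) whatever object is there, which need not be a symlink this script made. The other helpers in this patch relabel only inside their creation branch; the same shape here would be `if [ ! -e "$path" ]; then dryrun_or_real ln -s "$arg" "$path"; _restorecon "$path"; fi`.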