SELinux: Make the initscript to a restorecon on various files

Make the initscript to a restorecon on various files to make sure they have the
right security context.

Signed-off-by: David Howells <dhowells@redhat.com>

2 files changed, 9 insertions, 1 deletions

diff --git a/cachefilesd.initd b/cachefilesd.initd
index 06c4237..c1856dd 100755
--- a/cachefilesd.initd
+++ b/cachefilesd.initd
@@ -19,13 +19,14 @@ fi
 [ "${NETWORKING}" = "no" ] && exit 0
 
 
-OPTIONS=""
 RETVAL=0
+CONFFILE=/etc/cachefilesd.conf
 LOCKFILE=/var/lock/subsys/cachefilesd
 PIDFILE=/var/run/cachefilesd.pid
 MODPROBE=/sbin/modprobe
 MODPROBE_ARGS=""
 PROG="cachefilesd"
+OPTIONS="-f $CONFFILE"
 
 [ ! -x /sbin/$PROG ] && exit 0
 
@@ -42,6 +43,11 @@ case "$1" in
 
 	echo -n $"Starting $PROG: "
 
+	# Set security contexts 
+	/sbin/restorecon /sbin/cachefilesd
+	/sbin/restorecon /dev/cachefiles
+	/sbin/restorecon -R `awk -- '/^dir/ { print $2 }' $CONFFILE`
+
 	# Load the cachefiles module if needed
 	[ -x "$MODPROBE" ] && {
 		if ! /sbin/lsmod | grep cachefiles > /dev/null ; then
diff --git a/redhat/cachefilesd.spec b/redhat/cachefilesd.spec
index 40a9747..e7f89c3 100644
--- a/redhat/cachefilesd.spec
+++ b/redhat/cachefilesd.spec
@@ -87,6 +87,8 @@ fi
 - The SELinux policies for cachefilesd now live in the selinux-policy RPM, so
   the cachefilesd-selinux RPM is now redundant.
 - Move the default cache dir to /var/cache/fscache.
+- Make the initscript do a restorecon when starting the cache to make sure the
+  labels are correct.
 
 * Thu Feb 25 2010 David Howells <dhowells@redhat.com>
 - Fix the SELinux policies for cachefilesd.