udev: restorecon /run to allow mdadm creating /run/mdadm

This change bases on the factors during bootup:

a. the default type for /run is var_run_t;
b. the type for /run will be changed to tmpfs_t after tmpfs mounted;
c. the type for /run will be fixed after populate-volatile.sh run.

udev service is started in b->c period, fix the type for /run from
udev init script to remove:

  avc: denied { write } for pid=294 comm="mdadm" \
  name="/" dev="tmpfs" ino=10581 \
  scontext=system_u:system_r:mdadm_t:s0-s15:c0.c1023 \
  tcontext=system_u:object_r:tmpfs_t:s0 tclass=dir

Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>

1 files changed, 3 insertions, 0 deletions

diff --git a/recipes-core/udev/udev/init b/recipes-core/udev/udev/init
index 66359f2..bb8b95b 100644
--- a/recipes-core/udev/udev/init
+++ b/recipes-core/udev/udev/init
@@ -61,6 +61,9 @@ case "$1" in
     # /var/volatile/tmp directory to be available.
     mkdir -p /var/volatile/tmp
 
+    # restorecon /run early to allow mdadm creating dir /run/mdadm
+    test ! -x /sbin/restorecon || /sbin/restorecon -F /run
+
     # Cache handling.
     # A list of files which are used as a criteria to judge whether the udev cache could be reused.
     CMP_FILE_LIST="/proc/version /proc/cmdline /proc/devices /proc/atags"