From 8b79480663bc9de2343e0146ed8d3d0e59ab48be Mon Sep 17 00:00:00 2001
From: Yi Zhao <yi.zhao@windriver.com>
Date: Tue, 7 Jul 2020 16:29:13 +0800
Subject: audit: set correct security context for /var/log/audit

By default /var/log is a symbolic link of /var/volatile/log. But
restorecon does not follow symbolic links then we will encounter the
following error when set /var/log/audit directory:

$ /sbin/restorecon -F /var/log/audit
/sbin/restorecon: SELinux: Could not get canonical path for /var/log/audit restorecon: Permission denied.

Use readlink to find the real path before set security context.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
---
 recipes-security/audit/audit/auditd | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 mode change 100755 => 100644 recipes-security/audit/audit/auditd

diff --git a/recipes-security/audit/audit/auditd b/recipes-security/audit/audit/auditd
old mode 100755
new mode 100644
index cda2e43..6aa7f94
--- a/recipes-security/audit/audit/auditd
+++ b/recipes-security/audit/audit/auditd
@@ -86,7 +86,7 @@ do_reload() {
 
 if [ ! -e /var/log/audit ]; then
 	mkdir -p /var/log/audit
-	[ -x /sbin/restorecon ] && /sbin/restorecon -F /var/log/audit
+	[ -x /sbin/restorecon ] && /sbin/restorecon -F $(readlink -f /var/log/audit)
 fi
 
 case "$1" in
-- 
cgit v1.2.3-54-g00ecf