From 19089953e2a2ce8d68f92fb51b1ca3922ea66966 Mon Sep 17 00:00:00 2001
From: Yi Zhao <yi.zhao@windriver.com>
Date: Wed, 8 Dec 2021 15:33:44 +0800
Subject: selinux: move selinux scripts to selinux-scripts

There are too many recipes in recipes-security/selinux. Keep the selinux
userspace recipes and move selinux scripts to selinux-scripts directory
to make the directory hierarchy clearer.

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
---
 .../selinux-autorelabel/selinux-autorelabel.sh     | 25 ++++++++++++++++++++++
 1 file changed, 25 insertions(+)
 create mode 100644 recipes-security/selinux-scripts/selinux-autorelabel/selinux-autorelabel.sh

(limited to 'recipes-security/selinux-scripts/selinux-autorelabel/selinux-autorelabel.sh')

diff --git a/recipes-security/selinux-scripts/selinux-autorelabel/selinux-autorelabel.sh b/recipes-security/selinux-scripts/selinux-autorelabel/selinux-autorelabel.sh
new file mode 100644
index 0000000..25b6921
--- /dev/null
+++ b/recipes-security/selinux-scripts/selinux-autorelabel/selinux-autorelabel.sh
@@ -0,0 +1,25 @@
+#!/bin/sh
+
+/usr/sbin/selinuxenabled 2>/dev/null || exit 0
+
+FIXFILES=/sbin/fixfiles
+SETENFORCE=/usr/sbin/setenforce
+
+for i in ${FIXFILES} ${SETENFORCE}; do
+	test -x $i && continue
+	echo "$i is missing in the system."
+	echo "Please add \"selinux=0\" in the kernel command line to disable SELinux."
+	exit 1
+done
+
+# If /.autorelabel placed, the whole file system should be relabeled
+if [ -f /.autorelabel ]; then
+	echo "SELinux: /.autorelabel placed, filesystem will be relabeled..."
+	${SETENFORCE} 0
+	${FIXFILES} -F -f relabel
+	/bin/rm -f /.autorelabel
+	echo " * Relabel done, rebooting the system."
+	/sbin/reboot
+fi
+
+exit 0
-- 
cgit v1.2.3-54-g00ecf