You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
79 lines
2.6 KiB
79 lines
2.6 KiB
#!/bin/bash |
|
# |
|
# Do automatic relabelling |
|
# |
|
|
|
# . /etc/init.d/functions |
|
|
|
# If the user has this (or similar) UEFI boot order: |
|
# |
|
# Windows | grub | Linux |
|
# |
|
# And decides to boot into grub/Linux, then the reboot at the end of autorelabel |
|
# would cause the system to boot into Windows again, if the autorelabel was run. |
|
# |
|
# This function restores the UEFI boot order, so the user will boot into the |
|
# previously set (and expected) partition. |
|
efi_set_boot_next() { |
|
# NOTE: The [ -x /usr/sbin/efibootmgr ] test is not sufficent -- it could |
|
# succeed even on system which is not EFI-enabled... |
|
if ! efibootmgr > /dev/null 2>&1; then |
|
return |
|
fi |
|
|
|
# NOTE: It it possible that some other services might be setting the |
|
# 'BootNext' item for any reasons, and we shouldn't override it if so. |
|
if ! efibootmgr | grep --quiet -e 'BootNext'; then |
|
CURRENT_BOOT="$(efibootmgr | grep -e 'BootCurrent' | sed -re 's/(^.+:[[:space:]]*)([[:xdigit:]]+)/\2/')" |
|
efibootmgr -n "${CURRENT_BOOT}" > /dev/null 2>&1 |
|
fi |
|
} |
|
|
|
relabel_selinux() { |
|
# if /sbin/init is not labeled correctly this process is running in the |
|
# wrong context, so a reboot will be required after relabel |
|
AUTORELABEL= |
|
. /etc/selinux/config |
|
echo "0" > /sys/fs/selinux/enforce |
|
[ -x /bin/plymouth ] && plymouth --quit |
|
|
|
if [ "$AUTORELABEL" = "0" ]; then |
|
echo |
|
echo $"*** Warning -- SELinux ${SELINUXTYPE} policy relabel is required. " |
|
echo $"*** /etc/selinux/config indicates you want to manually fix labeling" |
|
echo $"*** problems. Dropping you to a shell; the system will reboot" |
|
echo $"*** when you leave the shell." |
|
sulogin |
|
|
|
else |
|
echo |
|
echo $"*** Warning -- SELinux ${SELINUXTYPE} policy relabel is required." |
|
echo $"*** Relabeling could take a very long time, depending on file" |
|
echo $"*** system size and speed of hard drives." |
|
|
|
OPTS=`cat /.autorelabel` |
|
# by default, use as many threads as there are available |
|
# another -T X in $OPTS will override the default value |
|
OPTS="-T 0 $OPTS" |
|
|
|
[ -x "/usr/sbin/quotaoff" ] && /usr/sbin/quotaoff -aug |
|
echo |
|
echo $"Running: /sbin/fixfiles $OPTS restore" |
|
/sbin/fixfiles $OPTS restore |
|
fi |
|
|
|
rm -f /.autorelabel |
|
/usr/lib/dracut/dracut-initramfs-restore |
|
efi_set_boot_next |
|
if [ -x /usr/bin/grub2-editenv ]; then |
|
grub2-editenv - incr boot_indeterminate >/dev/null 2>&1 |
|
fi |
|
sync |
|
systemctl reboot |
|
} |
|
|
|
# Check to see if a full relabel is needed |
|
if [ "$READONLY" != "yes" ]; then |
|
restorecon $(awk '!/^#/ && $4 !~ /noauto/ && $2 ~ /^\// { print $2 }' /etc/fstab) >/dev/null 2>&1 |
|
relabel_selinux |
|
fi
|
|
|