blob: 64bf1a8612dc1d3f9d7df0e9df7598fa3b217b6f [file] [log] [blame]
#!/bin/sh
/usr/sbin/selinuxenabled 2>/dev/null || exit 0
CHCON=/usr/bin/chcon
MATCHPATHCON=/usr/sbin/matchpathcon
RESTORECON=/sbin/restorecon
mkdir -p /dev/socket -m 777
for i in ${CHCON} ${MATCHPATHCON} ${RESTORECON}; do
test -x $i && continue
echo "$i is missing in the system."
echo "Please add \"selinux=0\" in the kernel command line to disable SELinux."
exit 1
done
# Because /dev/console is not relabeled by kernel, many commands
# would can not use it, including restorecon.
${CHCON} -t `${MATCHPATHCON} -n /dev/null | cut -d: -f3` /dev/null
${CHCON} -t `${MATCHPATHCON} -n /dev/console | cut -d: -f3` /dev/console
# Now, we should relabel /dev for most services.
mkdir -p /dev/socket -m 777
${RESTORECON} -RF /dev
exit 0