20-grub-install: Restore default SELinux security contexts for BLS files

The BLS files are copied from /lib/modules/$(uname -r)/bls.conf and this file has a SELinux label of "system_u:object_r:modules_object_t" like all the other files that are installed by the kernel package. But the files in the /boot directory are expected to have a SELinux label of "system_u:object_r:boot_t". For all the other files that are copied to /boot by the kernel-install script, the SELinux security contexts are restored to the default but that was missing for the BLS files. Resolves: rhbz#1726020 Signed-off-by: Javier Martinez Canillas <javierm@redhat.com>
2019-07-18 13:37:00 +02:00 · 2019-07-18 13:37:00 +02:00 · d8bbf039e9
commit d8bbf039e9
parent a1dedc8a10
2 changed files with 7 additions and 1 deletions
--- a/20-grub.install
+++ b/20-grub.install
@ -89,6 +89,8 @@ case "$COMMAND" in
                    "$(date -u +%Y%m%d%H%M%S -d "$(stat -c '%y' "${KERNEL_DIR}")")" \
                    >"${BLS_TARGET}"
            fi
+            command -v restorecon &>/dev/null && \
+                restorecon -R "${BLS_TARGET}"

            LINUX="$(grep '^linux[ \t]' "${BLS_TARGET}" | sed -e 's,^linux[ \t]*,,')"
            INITRD="$(grep '^initrd[ \t]' "${BLS_TARGET}" | sed -e 's,^initrd[ \t]*,,')"
--- a/grub2.spec
+++ b/grub2.spec
@ -7,7 +7,7 @@
 Name:		grub2
 Epoch:		1
 Version:	2.02
-Release:	93%{?dist}
+Release:	94%{?dist}
 Summary:	Bootloader with support for Linux, Multiboot and more
 License:	GPLv3+
 URL:		http://www.gnu.org/software/grub/
@ -518,6 +518,10 @@ rm -r /boot/grub2.tmp/ || :
 %endif

 %changelog
+* Thu Jul 18 2019 Javier Martinez Canillas <javierm@redhat.com> - 2.02-94
+- 20-grub-install: Restore default SELinux security contexts for BLS files
+  Resolves: rhbz#1726020
+
 * Wed Jul 17 2019 Javier Martinez Canillas <javierm@redhat.com> - 2.02-93
 - Add btrfs snapshot submenu when BLS configuration is used
 - Move grub2-probe to the grub2-tools-minimal subpackage