Use StandardInput=tty when AUTORELABEL=0

selinux-autorelabel service can be configured to drop to a shell to allow administrator to manually relabel a filesystem, see selinux_config(5). In this case, the service needs to have a tty attached to stdin. Given that tty should not be attached to the service by default, see https://bugzilla.redhat.com/show_bug.cgi?id=1634661 , the selinux-autorelabel-generator.sh will configure the service to attach tty only if AUTORELABEL=0 Resolves: rhbz#2165508
2023-02-08 11:27:20 +01:00 · 2023-02-08 11:27:20 +01:00 · 9616c6c3d6
commit 9616c6c3d6
parent e634de4b77
1 changed files with 9 additions and 0 deletions
--- a/selinux-autorelabel-generator.sh
+++ b/selinux-autorelabel-generator.sh
@ -18,6 +18,15 @@ fi
 set_target ()
 {
    ln -sf "$unitdir/selinux-autorelabel.target" "$earlydir/default.target"
+    AUTORELABEL="1"
+    source /etc/selinux/config
+    if [ "$AUTORELABEL" = "0" ]; then
+        mkdir -p "$earlydir/selinux-autorelabel.service.d"
+        cat > "$earlydir/selinux-autorelabel.service.d/tty.conf" <<EOF
+[Service]
+StandardInput=tty
+EOF
+    fi
 }

 if selinuxenabled; then