From 9616c6c3d6a1fab736d4b826d5c34cebc9a99452 Mon Sep 17 00:00:00 2001
From: Petr Lautrbach <lautrbach@redhat.com>
Date: Wed, 8 Feb 2023 11:27:20 +0100
Subject: [PATCH] Use StandardInput=tty when AUTORELABEL=0

selinux-autorelabel service can be configured to drop to a shell to allow
administrator to manually relabel a filesystem, see selinux_config(5). In
this case, the service needs to have a tty attached to stdin. Given that
tty should not be attached to the service by default, see
https://bugzilla.redhat.com/show_bug.cgi?id=1634661 , the
selinux-autorelabel-generator.sh will configure the service to attach
tty only if AUTORELABEL=0

Resolves: rhbz#2165508
---
 selinux-autorelabel-generator.sh | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/selinux-autorelabel-generator.sh b/selinux-autorelabel-generator.sh
index be60487..d9380b8 100644
--- a/selinux-autorelabel-generator.sh
+++ b/selinux-autorelabel-generator.sh
@@ -18,6 +18,15 @@ fi
 set_target ()
 {
     ln -sf "$unitdir/selinux-autorelabel.target" "$earlydir/default.target"
+    AUTORELABEL="1"
+    source /etc/selinux/config
+    if [ "$AUTORELABEL" = "0" ]; then
+        mkdir -p "$earlydir/selinux-autorelabel.service.d"
+        cat > "$earlydir/selinux-autorelabel.service.d/tty.conf" <<EOF
+[Service]
+StandardInput=tty
+EOF
+    fi
 }
 
 if selinuxenabled; then