Found an issue where an image that had selinux in a disabled state does
not always end up with the filesystem 100% properly labelled after the
reboot and autorelabel. Add an extra step for when switching from
permissive to enforcing to make sure everything is appropriately
labeled.
Change-Id: I496e373a5ea94c4e7cf63b94019494168a6e851b
Signed-off-by: Andrew Grimberg <agrimberg@linuxfoundation.org>
# Handle the occurance where SELINUX is actually disabled
if [ `grep SELINUX=permissive /etc/selinux/config` ]; then
+ # make sure that the filesystem is properly labelled.
+ # it could be not fully labeled correctly if it was just switched
+ # from disabled, the autorelabel misses some things
+ # skip relabelling on /dev as it will generally throw errors
+ restorecon -R -e /dev /
+
# enable enforcing mode from the very start
setenforce enforcing