From 9e4b40fc087c1817f2cfe65604c00b0e1fb5139c Mon Sep 17 00:00:00 2001 From: Andrew Grimberg Date: Tue, 11 Nov 2014 08:36:23 -0800 Subject: [PATCH] Fix a minor selinux step through issue Found an issue where an image that had selinux in a disabled state does not always end up with the filesystem 100% properly labelled after the reboot and autorelabel. Add an extra step for when switching from permissive to enforcing to make sure everything is appropriately labeled. Change-Id: I496e373a5ea94c4e7cf63b94019494168a6e851b Signed-off-by: Andrew Grimberg --- vagrant/rackspace-convert-base/bootstrap.sh | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/vagrant/rackspace-convert-base/bootstrap.sh b/vagrant/rackspace-convert-base/bootstrap.sh index 7590f33c91..8079d7bc85 100644 --- a/vagrant/rackspace-convert-base/bootstrap.sh +++ b/vagrant/rackspace-convert-base/bootstrap.sh @@ -4,6 +4,12 @@ # Handle the occurance where SELINUX is actually disabled if [ `grep SELINUX=permissive /etc/selinux/config` ]; then + # make sure that the filesystem is properly labelled. + # it could be not fully labeled correctly if it was just switched + # from disabled, the autorelabel misses some things + # skip relabelling on /dev as it will generally throw errors + restorecon -R -e /dev / + # enable enforcing mode from the very start setenforce enforcing -- 2.36.6
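
Review bot: The added `restorecon -R -e /dev /` is followed directly by `setenforce enforcing` with no check of its exit status, so a relabel that fails partway still switches the system into enforcing mode with some files mislabelled, which is the condition this change sets out to prevent. Consider gating the switch on the result, for example `restorecon -R -e /dev / || exit 1`, or at least logging the failure before continuing. The new comment block would read better as full sentences, and it mixes "labelled" and "labeled"; pick one spelling. It is also worth stating in the comment that this walks the whole filesystem each time the permissive branch is taken, so the step adds provisioning time.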