wrappers/initscript.in | 3 +++ 1 file changed, 3 insertions(+)
New commits: commit 7e277bf2171fb05722742abc867361e2be5b8776 Author: Nathan Kinder nkinder@redhat.com Date: Thu Apr 18 09:52:50 2013 -0700
Ticket #47333 - Relabel lockfile when starting Admin Server
On a non-systemd system, our init script creates a lockfile. This lockfile gets a generic var_lock_t label, which causes problems when we try to restart Admin Server via CGI. Our CGIs are not allowed to remove the old lockfile due to the SELinux policy.
We do have a fcontext rule for this lock file, but we need to explicitly perform a relabel since the file is created by our init script. This patch relabels the lockfile immediately after creation, which then allows our CGIs to properly manage it later.
diff --git a/wrappers/initscript.in b/wrappers/initscript.in index 82dd20e..51419f5 100644 --- a/wrappers/initscript.in +++ b/wrappers/initscript.in @@ -164,6 +164,9 @@ start() { fi fi [ $RETVAL -eq 0 -a -d /var/lock/subsys ] && touch $lockfile + if [ -f $lockfile ]; then + restorecon $lockfile + fi }
stop() {