dns-hatchet: apply resolv.conf's selinux context to new resolv.conf

author Jason A. Donenfeld <Jason@zx2c4.com>

Sat, 16 Jun 2018 22:06:58 +0000 (00:06 +0200)

committer Jason A. Donenfeld <Jason@zx2c4.com>

Sun, 17 Jun 2018 17:36:37 +0000 (19:36 +0200)
author Jason A. Donenfeld <Jason@zx2c4.com>
Sat, 16 Jun 2018 22:06:58 +0000 (00:06 +0200)
committer Jason A. Donenfeld <Jason@zx2c4.com>
Sun, 17 Jun 2018 17:36:37 +0000 (19:36 +0200)
diff --git a/contrib/dns-hatchet/hatchet.bash b/contrib/dns-hatchet/hatchet.bash

index 793684c271b2b3e0fdfb25fe406504b8808011b1..5857cc10e05ce36cf0e3e9272d14bb0158ca1b5f 100644 (file)
--- a/contrib/dns-hatchet/hatchet.bash
+++ b/contrib/dns-hatchet/hatchet.bash
@@ -17,9 +17,11 @@ set_dns() {
                 printf 'nameserver %s\n' "${DNS[@]}"
                 } | unshare -m --propagation shared bash -c "$(cat <<-_EOF
                         set -e
+                       context="\$(stat -c %C /etc/resolv.conf 2>/dev/null)" || unset context
                         mount --make-private /dev/shm
                         mount -t tmpfs none /dev/shm
                         cat > /dev/shm/resolv.conf
+                       [[ -z \$context || \$context == "?" ]] || chcon "\$context" /dev/shm/resolv.conf 2>/dev/null || true
                         mount -o remount,ro /dev/shm
                         mount -o bind,ro /dev/shm/resolv.conf /etc/resolv.conf
                 _EOF
author	Jason A. Donenfeld <Jason@zx2c4.com>
	Sat, 16 Jun 2018 22:06:58 +0000 (00:06 +0200)
committer	Jason A. Donenfeld <Jason@zx2c4.com>
	Sun, 17 Jun 2018 17:36:37 +0000 (19:36 +0200)