oracle template: fix selinux context on symlinks in /dev

This fixes sshd getting an avc on traversing the /dev/ptmx symlink
(was default_t)

Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

diff --git a/templates/lxc-oracle.in b/templates/lxc-oracle.in
index deed9b363171803b04d86575434c100074d53fc4..ddc6d740356c60bdc7506a39156d881efd20f3ca 100644 (file)
--- a/templates/lxc-oracle.in
+++ b/templates/lxc-oracle.in
@@ -288,6 +288,10 @@ EOF
     if [ $container_rootfs != "/" -a -d $dev_path ]; then
         rm -rf $dev_path
         mkdir -p $dev_path
+        if which chcon >/dev/null 2>&1 ; then
+            # ensure symlinks created in /dev have the right context
+            chcon -t device_t $dev_path
+        fi
     fi
     mknod -m 666  $dev_path/null c 1 3
     mknod -m 666  $dev_path/zero c 1 5