From: Dwight Engen <dwight.engen@oracle.com>
Date: Thu, 17 Oct 2013 15:09:36 +0000 (-0400)
Subject: oracle template: fix selinux context on symlinks in /dev
X-Git-Tag: lxc-1.0.0.alpha2~19
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c944b920f48558c59f94f93f2e561e464902b4d1;p=thirdparty%2Flxc.git

oracle template: fix selinux context on symlinks in /dev

This fixes sshd getting an avc on traversing the /dev/ptmx symlink
(was default_t)

Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
---

diff --git a/templates/lxc-oracle.in b/templates/lxc-oracle.in
index deed9b363..ddc6d7403 100644
--- a/templates/lxc-oracle.in
+++ b/templates/lxc-oracle.in
@@ -288,6 +288,10 @@ EOF
     if [ $container_rootfs != "/" -a -d $dev_path ]; then
         rm -rf $dev_path
         mkdir -p $dev_path
+        if which chcon >/dev/null 2>&1 ; then
+            # ensure symlinks created in /dev have the right context
+            chcon -t device_t $dev_path
+        fi
     fi
     mknod -m 666  $dev_path/null c 1 3
     mknod -m 666  $dev_path/zero c 1 5