added dnf port for resetting selinux

1 files changed, 50 insertions, 0 deletions

diff --git a/reset-selinux-dnf.sh b/reset-selinux-dnf.sh
new file mode 100644
index 0000000..19c9014
--- /dev/null
+++ b/reset-selinux-dnf.sh
@@ -0,0 +1,50 @@
+#!/bin/bash
+
+# Partial script version of http://fedorasolved.org/Members/fenris02/post_upgrade_cleanup
+# Mirrored on https://fedoraproject.org/wiki/User:Fenris02/Distribution_upgrades_and_cleaning_up_after_them
+# From http://fedorapeople.org/cgit/fenris02/public_git/cleanup.git/plain/reset-selinux.sh
+
+DS=$(/bin/date +%Y%m%d)
+LANG=C
+TMPDIR=$(/bin/mktemp -d ${TMPDIR:-/tmp}/${0##*/}-XXXXX.log)
+[ -d "${TMPDIR}" ] || mkdir -p "${TMPDIR}"
+
+if [ "$(/usr/bin/whoami)" != "root" ]; then
+  echo "Must be run as root."
+  exit 1
+fi
+
+# Collect default selinux mode before beginning
+SELINUX=1
+[ -f /etc/selinux/config ] && . /etc/selinux/config
+
+[ -x /usr/sbin/setenforce ] || dnf install -y libselinux-utils
+/usr/sbin/setenforce 0
+
+[ -x /usr/sbin/semanage ] || dnf install -y policycoreutils-python
+/usr/sbin/semanage -o ${TMPDIR}/SELINUX-CUSTOM-CONFIG_${DS}.txt
+
+/bin/mv /etc/selinux/targeted ${TMPDIR}/targeted.${DS}
+/usr/bin/install -d -m 0755 -o root -g root /etc/selinux/targeted
+/usr/bin/dnf reinstall -y --noplugins --enablerepo=updates-testing \
+  libselinux{,-python,-utils} \
+  policycoreutils{,-newrole,-restorecond,-sandbox} \
+  selinux-policy{,-targeted} \
+  #
+
+/usr/sbin/semanage -i ${TMPDIR}/SELINUX-CUSTOM-CONFIG_${DS}.txt
+
+/usr/sbin/semodule -B
+
+[ -x /sbin/fixfiles ] || dnf install -y policycoreutils
+echo "Resetting selinux labels for packaged files ... this may take some time."
+time /sbin/fixfiles -R -a restore
+
+echo "Remember to review /etc/selinux/semanage.conf for settings like handle-unknown=deny"
+
+/usr/sbin/setenforce $SELINUX
+echo "Rebooting now."
+
+reboot
+
+#EOF