Expose dirsrv SELinux policy interface.

This adds a number of interface macros to the dirsrv SELinux policy
module.  These macros are intended for use by the Administration
Server SELinux policy that is currently being developed.

I also made some changes to the setup code that labels newly created
directories.  When the first instance is created, some top-level
directories are created that were not being labeled properly.

1 files changed, 15 insertions, 1 deletions

diff --git a/ldap/admin/src/scripts/DSCreate.pm.in b/ldap/admin/src/scripts/DSCreate.pm.in
index 96930dfd..43fd1d9d 100644
--- a/ldap/admin/src/scripts/DSCreate.pm.in
+++ b/ldap/admin/src/scripts/DSCreate.pm.in
@@ -903,7 +903,21 @@ sub updateSelinuxPolicy {
 
     # if selinux is not available, do nothing
     if ("@with_selinux@") {
-        # run restorecon on all directories we created
+        my $localstatedir = $inf->{slapd}->{localstatedir};
+
+        # run restorecon on all of the parent directories we
+        # may have created (this only happens if this is the
+        # first instance created).
+        if ("@with_fhs_opt@") {
+            system("restorecon -R $localstatedir/@PACKAGE_NAME@");
+        } else {
+            system("restorecon -R $localstatedir/lock/@PACKAGE_NAME@");
+            system("restorecon -R $localstatedir/log/@PACKAGE_NAME@");
+            system("restorecon -R $localstatedir/run/@PACKAGE_NAME@");
+            system("restorecon -R $localstatedir/lib/@PACKAGE_NAME@");
+        }
+
+        # run restorecon on all instance directories we created
         for my $kw (qw(inst_dir config_dir schema_dir log_dir lock_dir run_dir tmp_dir
                 cert_dir db_dir ldif_dir bak_dir)) {
             my $dir = $inf->{slapd}->{$kw};