PREIN
/bin/sh
if [ $1 -ne 1 ] && [ -s /etc/selinux/config ]; then
. /etc/selinux/config;
FILE_CONTEXT=/etc/selinux/minimum/contexts/files/file_contexts;
if [ "${SELINUXTYPE}" = minimum -a -f ${FILE_CONTEXT} ]; then
[ -f ${FILE_CONTEXT}.pre ] || cp -f ${FILE_CONTEXT} ${FILE_CONTEXT}.pre;
fi;
touch /etc/selinux/minimum/.rebuild;
if [ -e /etc/selinux/minimum/.policy.sha512 ]; then
POLICY_FILE=`ls /etc/selinux/minimum/policy/policy.* | sort | head -1`
sha512=`sha512sum $POLICY_FILE | cut -d ' ' -f 1`;
checksha512=`cat /etc/selinux/minimum/.policy.sha512`;
if [ "$sha512" == "$checksha512" ] ; then
rm /etc/selinux/minimum/.rebuild;
fi;
fi;
fi;
if [ $1 -ne 1 ]; then
/usr/sbin/semodule -s minimum -l 2>/dev/null | awk '{ if ($3 != "Disabled") print $1; }' > /usr/share/selinux/minimum/instmodules.lst
fi
POSTIN
/bin/sh
contribpackages=`cat /usr/share/selinux/minimum/modules-contrib.lst`
basepackages=`cat /usr/share/selinux/minimum/modules-base.lst`
if [ $1 -eq 1 ]; then
for p in $contribpackages; do
touch /etc/selinux/minimum/modules/active/modules/$p.disabled
done
for p in $basepackages apache.pp dbus.pp inetd.pp kerberos.pp mta.pp nis.pp; do
rm -f /etc/selinux/minimum/modules/active/modules/$p.disabled
done
/usr/sbin/semanage -S minimum -i - << __eof
login -m -s unconfined_u -r s0-s0:c0.c1023 __default__
login -m -s unconfined_u -r s0-s0:c0.c1023 root
__eof
/sbin/restorecon -R /root /var/log /var/run 2> /dev/null
/usr/sbin/semodule -B -s minimum
else
instpackages=`cat /usr/share/selinux/minimum/instmodules.lst`
for p in $contribpackages; do
touch /etc/selinux/minimum/modules/active/modules/$p.disabled
done
for p in $instpackages apache dbus inetd kerberos mta nis; do
rm -f /etc/selinux/minimum/modules/active/modules/$p.pp.disabled
done
/usr/sbin/semodule -B -s minimum
. /etc/selinux/config;
FILE_CONTEXT=/etc/selinux/minimum/contexts/files/file_contexts;
/usr/sbin/selinuxenabled;
if [ $? = 0 -a "${SELINUXTYPE}" = minimum -a -f ${FILE_CONTEXT}.pre ]; then
/sbin/fixfiles -C ${FILE_CONTEXT}.pre restore 2> /dev/null;
rm -f ${FILE_CONTEXT}.pre;
fi;
if /sbin/restorecon -e /run/media -R /root /var/log /var/run /etc/passwd* /etc/group* /etc/*shadow* 2> /dev/null;then
continue;
fi;
if /sbin/restorecon -R /home/*/.config 2> /dev/null;then
continue;
fi;
fi
exit 0