From 0d5cfac2ac7c6d5cb7c208a67b4666e99a5c47a0 Mon Sep 17 00:00:00 2001
From: Harald Hoyer <harald@redhat.com>
Date: Tue, 18 Sep 2018 12:22:43 +0200
Subject: [PATCH] prepare-root.sh: add altfiles to selinux

---
 prepare-root.sh | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/prepare-root.sh b/prepare-root.sh
index 05c6362..ea7974c 100755
--- a/prepare-root.sh
+++ b/prepare-root.sh
@@ -459,14 +459,22 @@ rm -f "$sysroot"/etc/systemd/system/*.wants/multipathd*
 
 # ------------------------------------------------------------------------------
 # selinux
+cp -avr "$sysroot"/usr/share/factory/cfg "$sysroot"/
+
 sed -i -e 's#^SELINUX=.*#SELINUX=permissive#g' "$sysroot"/etc/selinux/config
 chroot "$sysroot" semanage fcontext -a -e /etc /cfg
-chroot "$sysroot" semanage fcontext -a -e /etc /usr/share/factory/etc
+chroot "$sysroot" semanage fcontext -a -e /etc /usr/share/factory/cfg
 chroot "$sysroot" semanage fcontext -a -e /var /usr/share/factory/var
+for i in passwd shadow group gshadow; do
+    chroot "$sysroot" semanage fcontext -a -e /etc/$i /usr/lib/$i
+done
 chroot "$sysroot" fixfiles -v -F -f relabel || :
 chroot "$sysroot" restorecon -v -R /usr/share/factory/ || :
 rm -fr "$sysroot"/var/lib/selinux
 
+rm -fr "$sysroot"/cfg/*
+
+
 #---------------
 # var
 rm -fr "$sysroot"/var/lib/rpm
@@ -502,7 +510,6 @@ rm -fr "$sysroot"/var/*
 rm -fr "$sysroot"/home/*
 rm -f "$sysroot"/etc/yum.repos.d/*
 mkdir -p "$sysroot"/home
-mkdir -p "$sysroot"/cfg
 
 for i in "$sysroot"/{dev,sys,proc,run}; do
     [[ -d "$i" ]] && mountpoint -q "$i" && umount "$i"