From 77e345b251b1ecef8b0a4493312c6619ffa0cb68 Mon Sep 17 00:00:00 2001
From: Harald Hoyer <harald@redhat.com>
Date: Tue, 18 Sep 2018 14:49:57 +0200
Subject: [PATCH] quirks/nss.sh: retain permissions and selinux context

---
 quirks/nss.sh | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/quirks/nss.sh b/quirks/nss.sh
index 581ed56..1f39d64 100644
--- a/quirks/nss.sh
+++ b/quirks/nss.sh
@@ -7,6 +7,8 @@ sed -i -e 's#/var/db#/usr/db#g' "$sysroot"/lib*/libnss_db-2*.so "$sysroot"/var/d
 
 egrep -e '^(adm|wheel):.*' "$sysroot"/etc/group > "$sysroot"/etc/group.adm
 egrep -e '^(adm|wheel):.*' "$sysroot"/etc/gshadow > "$sysroot"/etc/gshadow.adm
+chmod --reference="$sysroot"/etc/group "$sysroot"/etc/group.adm
+chmod --reference="$sysroot"/etc/gshadow "$sysroot"/etc/gshadow.adm
 
 sed -i -e 's#:/root:#:/var/root:#g' "$sysroot"/etc/passwd
 
@@ -16,7 +18,10 @@ chroot "$sysroot" bash -c 'make -C /var/db /usr/db/passwd.db /usr/db/shadow.db /
 
 mv "$sysroot"/etc/group.adm "$sysroot"/etc/group
 mv "$sysroot"/etc/gshadow.adm "$sysroot"/etc/gshadow
-chmod 0000 "$sysroot"/etc/gshadow "$sysroot"/etc/shadow
+chmod --reference="$sysroot"/lib/shadow "$sysroot"/etc/shadow
+chmod --reference="$sysroot"/lib/passwd "$sysroot"/etc/passwd
+
+chroot "$sysroot" restorecon /etc/group /etc/gshadow
 
 mkdir -p "$sysroot"/usr/share/factory/cfg
 mv "$sysroot"/etc/passwd \