always force to restore file contexts in initscripts

In policycoreutils-2.13+, restorecon changes its default behaviour,
and does not restore context if the file' type is correct, even its
mcs/mls level is incorrect.
We should force it always to restore file contexts in initscripts to
avoid issues.

Signed-off-by: Xin Ouyang <Xin.Ouyang@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>

recipes-connectivity/bind/bind_9.8.1.bbappend

@@ -1,4 +1,4 @@
-PR .= ".2"
+PR .= ".3"
 
 FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
 
@@ -9,5 +9,5 @@ do_install_append() {
 	install -m 0644 ${WORKDIR}/volatiles.04_bind ${D}${sysconfdir}/default/volatiles/volatiles.04_bind
 
 	sed -i '/^\s*\/usr\/sbin\/rndc-confgen/a\
-	    [ -x /sbin/restorecon ] && /sbin/restorecon /etc/bind/rndc.key' ${D}${sysconfdir}/init.d/bind
+	    [ -x /sbin/restorecon ] && /sbin/restorecon -F /etc/bind/rndc.key' ${D}${sysconfdir}/init.d/bind
 }

recipes-core/initscripts/initscripts_1.0.bbappend

@@ -1,8 +1,8 @@
-PR .= ".2"
+PR .= ".3"
 
 do_install_append () {
 	cat <<-EOF >> ${D}${sysconfdir}/init.d/populate-volatile.sh
 touch /var/log/lastlog
-test ! -x /sbin/restorecon || /sbin/restorecon -R /var/volatile/
+test ! -x /sbin/restorecon || /sbin/restorecon -RF /var/volatile/ /run
 EOF
 }

recipes-core/udev/udev/init

@@ -81,6 +81,6 @@ else
 	/sbin/udevadm settle
 fi
 
-test ! -x /sbin/restorecon || /sbin/restorecon /dev
+test ! -x /sbin/restorecon || /sbin/restorecon -F /dev
 
 exit 0

recipes-core/udev/udev_182.bbappend

@@ -1,4 +1,4 @@
-PR .= ".3"
+PR .= ".4"
 
 FILESEXTRAPATHS_prepend := "${THISDIR}/${PN}:"
 

recipes-extended/sysklogd/files/sysklogd

@@ -37,7 +37,7 @@ create_xconsole()
 	chmod 0640 /dev/xconsole
     fi
     chown root:adm /dev/xconsole
-    test ! -x /sbin/restorecon || /sbin/restorecon /dev/xconsole
+    test ! -x /sbin/restorecon || /sbin/restorecon -F /dev/xconsole
 }
 
 log_begin_msg () {
@@ -92,7 +92,7 @@ case "$1" in
     log_begin_msg "Starting system log daemon..."
     create_xconsole
     start-stop-daemon --start --quiet --pidfile $pidfile_syslogd --name syslogd --startas $binpath_syslogd -- $SYSLOGD
-    test ! -x /sbin/restorecon || /sbin/restorecon -R /dev/log /var/log/
+    test ! -x /sbin/restorecon || /sbin/restorecon -RF /dev/log /var/log/
     log_end_msg $?
     log_begin_msg "Starting kernel log daemon..."
     start-stop-daemon --start --quiet --pidfile $pidfile_klogd --name klogd --startas $binpath_klogd -- $KLOGD

recipes-extended/sysklogd/sysklogd_1.5.bbappend

@@ -1,3 +1,3 @@
-PR .= ".1"
+PR .= ".2"
 
 FILESEXTRAPATHS_prepend := "${THISDIR}/files:"

recipes-security/audit/audit-2.2.1/auditd

@@ -86,7 +86,7 @@ do_reload() {
 
 if [ ! -e /var/log/audit ]; then
 	mkdir -p /var/log/audit
-	[ -x /sbin/restorecon ] && /sbin/restorecon /var/log/audit
+	[ -x /sbin/restorecon ] && /sbin/restorecon -F /var/log/audit
 fi
 
 case "$1" in

recipes-security/audit/audit_2.2.1.bb

@@ -4,7 +4,7 @@ storing and searching the audit records generated by the audit subsystem \
 in the Linux kernel."
 HOMEPAGE = "http://people.redhat.com/sgrubb/audit/"
 SECTION = "base"
-PR = "r7"
+PR = "r8"
 LICENSE = "GPLv2+ & LGPLv2+"
 LIC_FILES_CHKSUM = "file://COPYING;md5=94d55d512a9ba36caa9b7df079bae19f"
 

recipes-security/selinux/selinux-config/selinux-init.sh

@@ -59,13 +59,13 @@ if [ "`${SECON} -t --pid 1`" = "kernel_t" ]; then
 	echo " * First booting, filesystem will be relabeled..."
 	test -x /etc/init.d/auditd && /etc/init.d/auditd start
 	${SETENFORCE} 0
-	${RESTORECON} -R /
-	${RESTORECON} /
+	${RESTORECON} -RF /
+	${RESTORECON} -F /
 	echo " * Relabel done, rebooting the system."
 	/sbin/reboot -f
 fi
 
 # Now, we should relabel /dev for most services.
-${RESTORECON} -R /dev
+${RESTORECON} -RF /dev
 
 exit 0

recipes-security/selinux/selinux-config_0.1.bb

@@ -8,7 +8,7 @@ This is the configuration files for SELinux on WRLinux system.  \
 SECTION = "base"
 LICENSE = "MIT"
 LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
-PR = "r2"
+PR = "r3"
 
 SRC_URI = "file://selinux-init.sh"