From 17caa563ab48ca37d720212cba44d50a44d36bcc Mon Sep 17 00:00:00 2001
From: valentin <poubelle@romanet.fr>
Date: Wed, 10 Nov 2021 14:57:19 +0100
Subject: [PATCH] added restoreconf line to apply semanage policy

---
 ocanary-setup.sh | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/ocanary-setup.sh b/ocanary-setup.sh
index 431188b..ef8e5f9 100755
--- a/ocanary-setup.sh
+++ b/ocanary-setup.sh
@@ -121,8 +121,9 @@ sudo semanage port -a -t ssh_port_t -p tcp 2222
 # Change opencanaryd file type to a 'bin_t' type. Will ensure that the file type does not trisition to a confined domain
 # Without this instruction, SELinux will block many actions
 echo "Adding rules for SELinux to let opencanaryd service run..."
-sudo chcon -t bin_t /var/lib/canary-env/bin/opencanaryd 
-#sudo semanage fcontext -a -t bin_t /var/lib/canary-env/bin/opencanaryd
+#sudo chcon -t bin_t /var/lib/canary-env/bin/opencanaryd 
+semanage fcontext -a -t bin_t /var/lib/canary-env/bin/opencanaryd
+/sbin/restorecon -v /var/lib/canary-env/bin/opencanaryd 
 
 echo "Setting SELinux to permisive - IMPORTANT - This action must be removed for production"
 # ----- TODO Change this setting -----