dns-hatchet: apply resolv.conf's selinux context to new resolv.conf

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
author: Jason A. Donenfeld <Jason@zx2c4.com> 2018-06-17 00:06:58 +0200
committer: Jason A. Donenfeld <Jason@zx2c4.com> 2018-06-17 19:36:37 +0200
commit: 2ce4680bd34f371aacd3c09673c3c907274321cd (patch)
tree: dfaf0fcb32be013fd95fa0ee334997f1396e725a
parent: wg: getentropy requires 10.12 (diff)
download: wireguard-tools-2ce4680bd34f371aacd3c09673c3c907274321cd.tar.xz
wireguard-tools-2ce4680bd34f371aacd3c09673c3c907274321cd.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/contrib/dns-hatchet/hatchet.bash b/contrib/dns-hatchet/hatchet.bash
index 793684c..5857cc1 100644
--- a/contrib/dns-hatchet/hatchet.bash
+++ b/contrib/dns-hatchet/hatchet.bash
@@ -17,9 +17,11 @@ set_dns() {
 		printf 'nameserver %s\n' "${DNS[@]}"
 		} | unshare -m --propagation shared bash -c "$(cat <<-_EOF
 			set -e
+			context="\$(stat -c %C /etc/resolv.conf 2>/dev/null)" || unset context
 			mount --make-private /dev/shm
 			mount -t tmpfs none /dev/shm
 			cat > /dev/shm/resolv.conf
+			[[ -z \$context || \$context == "?" ]] || chcon "\$context" /dev/shm/resolv.conf 2>/dev/null || true
 			mount -o remount,ro /dev/shm
 			mount -o bind,ro /dev/shm/resolv.conf /etc/resolv.conf
 		_EOF
author	Jason A. Donenfeld <Jason@zx2c4.com>	2018-06-17 00:06:58 +0200
committer	Jason A. Donenfeld <Jason@zx2c4.com>	2018-06-17 19:36:37 +0200
commit	2ce4680bd34f371aacd3c09673c3c907274321cd (patch)
tree	dfaf0fcb32be013fd95fa0ee334997f1396e725a
parent	wg: getentropy requires 10.12 (diff)
download	wireguard-tools-2ce4680bd34f371aacd3c09673c3c907274321cd.tar.xz wireguard-tools-2ce4680bd34f371aacd3c09673c3c907274321cd.zip