From 8171d461ea3dc0db4bfe1210cbcccd19b8aca66a Mon Sep 17 00:00:00 2001
From: Jarrod Johnson <jjohnson2@lenovo.com>
Date: Wed, 21 Jul 2021 17:34:53 -0400
Subject: [PATCH] Another selinux fixup

systemctl enable firstboot
produces invalid selinux context, fix aafter enabling.
---
 .../el8-diskless/profiles/default/scripts/post.sh            | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/confluent_osdeploy/el8-diskless/profiles/default/scripts/post.sh b/confluent_osdeploy/el8-diskless/profiles/default/scripts/post.sh
index f87c0dc0..ebd288ce 100644
--- a/confluent_osdeploy/el8-diskless/profiles/default/scripts/post.sh
+++ b/confluent_osdeploy/el8-diskless/profiles/default/scripts/post.sh
@@ -19,7 +19,10 @@ mkdir -p /opt/confluent/bin
 curl -f https://$confluent_mgr/confluent-public/os/$confluent_profile/scripts/firstboot.sh > /opt/confluent/bin/firstboot.sh
 chmod +x /opt/confluent/bin/firstboot.sh
 systemctl enable firstboot
-
+selinuxpolicy=$(grep ^SELINUXTYPE /etc/selinux/config |awk -F= '{print $2}')
+if [ ! -z "$selinuxpolicy" ]; then
+    setfiles /etc/selinux/${selinuxpolicy}/contexts/files/file_contexts /etc/
+fi
 run_remote post.custom
 # post scripts may be placed into post.d, e.g. post.d/01-firstaction.sh, post.d/02-secondaction.sh
 run_remote_parts post.d