From cbb46dec3ae5205a8b00600e050886185c68773e Mon Sep 17 00:00:00 2001
From: Jarrod Johnson <jjohnson2@lenovo.com>
Date: Sat, 12 Dec 2020 14:57:02 -0500
Subject: [PATCH] Allow firstboot to run with root access

Being it /etc is unusual, and restorecon treats it
as such. Manually use chcon to explicitly allow
it in /etc/
---
 confluent_osdeploy/el8/profiles/default/kickstart | 1 +
 1 file changed, 1 insertion(+)

diff --git a/confluent_osdeploy/el8/profiles/default/kickstart b/confluent_osdeploy/el8/profiles/default/kickstart
index ba0a8104..8429ad6c 100644
--- a/confluent_osdeploy/el8/profiles/default/kickstart
+++ b/confluent_osdeploy/el8/profiles/default/kickstart
@@ -75,6 +75,7 @@ cat /etc/confluent/tls/*.pem >> /etc/pki/tls/certs/ca-bundle.crt
 systemctl enable firstboot
 chgrp ssh_keys /etc/ssh/ssh*key
 restorecon /etc/ssh/ssh*key /root/.shosts /etc/ssh/shosts.equiv /etc/ssh/ssh_config.d/* /etc/confluent/firstboot.sh
+chcon -t bin_t /etc/confluent/firstboot.sh
 profile=$(grep ^profile: /etc/confluent/confluent.deploycfg |awk '{print $2}')
 mgr=$(grep deploy_server /etc/confluent/confluent.deploycfg |awk '{print $2}')
 curl -f https://$mgr/confluent-public/os/$profile/scripts/post.sh > /tmp/postinst.sh