From 397ae335fd47cc6662245a8e33b08994574c6619 Mon Sep 17 00:00:00 2001
From: Brandon Wulf <mrwulf@users.noreply.github.com>
Date: Fri, 22 Mar 2019 13:51:59 -0700
Subject: [PATCH] Set the selinux context during the install (#228)

* Set the selinux context
---
 install.sh | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/install.sh b/install.sh
index cfd3ad9f84..e257cd24a0 100755
--- a/install.sh
+++ b/install.sh
@@ -10,7 +10,7 @@ set -e
 #   Installing a server without an agent:
 #     curl ... | INSTALL_K3S_EXEC="--disable-agent" sh -
 #   Installing an agent to point at a server:
-#     curl ... | K3S_TOKEN=xxx K3S_URL=https://server-url:6443 sh -  
+#     curl ... | K3S_TOKEN=xxx K3S_URL=https://server-url:6443 sh -
 #
 # Environment variables:
 #   - K3S_*
@@ -262,6 +262,16 @@ setup_binary() {
     info "Installing k3s to ${BIN_DIR}/k3s"
     $SUDO chown root:root ${TMP_BIN}
     $SUDO mv -f ${TMP_BIN} ${BIN_DIR}/k3s
+
+    if command -v getenforce > /dev/null 2>&1; then
+        if [ "Disabled" != `getenforce` ]; then
+            info "SeLinux is enabled, setting permissions"
+            if ! $SUDO semanage fcontext -l | grep "${BIN_DIR}/k3s" > /dev/null 2>&1; then
+                $SUDO semanage fcontext -a -t bin_t "${BIN_DIR}/k3s"
+            fi
+            $SUDO restorecon -v ${BIN_DIR}/k3s > /dev/null
+        fi
+    fi
 }
 
 # --- download and verify k3s ---