#!/bin/sh
#
# /etc/init.d/restorecond
#
### BEGIN INIT INFO
# Provides:          restorecond
# Required-Start:    $remote_fs
# Should-Start:
# Required-Stop:     $remote_fs
# Should-Stop:
# Default-Start:     3 5
# Default-Stop:      0 1 2 6
# Short-Description: Daemon used to maintain path file context
# Description:       Restorecond uses inotify to look for creation of new files
#   listed in the /etc/selinux/restorecond.conf file, and restores the correct
#   security context.
### END INIT INFO
#
# processname: /usr/sbin/restorecond
# config: /etc/selinux/restorecond.conf
# pidfile: /var/run/restorecond.pid
#
# Return values according to LSB for all commands but status:
# 0 - success
# 1 - generic or unspecified error
# 2 - invalid or excess argument(s)
# 3 - unimplemented feature (e.g. "reload")
# 4 - insufficient privilege
# 5 - program is not installed
# 6 - program is not configured
# 7 - program is not running

PATH=/sbin:/bin:/usr/bin:/usr/sbin
PROG_BIN=/usr/sbin/restorecond
LOCK_FILE=/var/lock/subsys/restorecond
PROG_CONF=/etc/selinux/restorecond.conf

# Source function library.
. /etc/rc.status

# Check whether SELinux is enabled
if  [ ! -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled ; then
    echo $"SELinux should be enabled to run this daemon"
    rc_failed 1
    rc_status -v
    rc_exit
fi

# Check that we are root ... so non-root users stop here
if [ $EUID -ne 0 ] ; then
    echo $"Access denied. Only root can run this daemon"
    rc_failed 4
    rc_status -v
    rc_exit
fi

# Check whether program binary exists
if [ ! -x $PROG_BIN ] ; then
    echo $"$PROG_BIN does not exist or has no executable permission"
    rc_failed 5
    rc_status -v
    rc_exit
fi

# Check whether the required conf file exists
if [ ! -f $PROG_CONF ] ; then
    echo $"$PROG_CONF not found"
    rc_failed 6
    rc_status -v
    rc_exit
fi

start()
{
    echo -n $"Starting restorecond: "
    unset HOME MAIL USER USERNAME
    startproc -p $LOCK_FILE $PROG_BIN
    rc_status -v
}

stop()
{
    echo -n $"Shutting down restorecond: "
    killproc -p $LOCK_FILE -TERM $PROG_BIN
    rc_status -v
}

restart()
{
    stop
    start
}

# See how we were called.
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    status)
        echo -n $"Checking for restorecond: "
        checkproc -p $LOCK_FILE $PROG_BIN
        rc_status -v
        ;;
    restart|reload)
        restart
        ;;
    condrestart)
        [ -e $LOCK_FILE ] && restart || :
        ;;
  *)
        echo $"Usage: $0 {start|stop|restart|reload|condrestart}"
        rc_failed 3
        rc_status -v
esac

rc_exit
