#!/bin/sh
#
# /etc/init.d/restorecond
#
### BEGIN INIT INFO
# Provides:          restorecond
# Required-Start:    $remote_fs
# Should-Start:
# Required-Stop:     $remote_fs
# Should-Stop:
# Default-Start:     3 5
# Default-Stop:      0 1 2 6
# Short-Description: Daemon used to maintain path file context
# Description:       Restorecond uses inotify to look for creation of new files
#   listed in the /etc/selinux/restorecond.conf file, and restores the correct
#   security context.
### END INIT INFO
#
# processname: /usr/sbin/restorecond
# config: /etc/selinux/restorecond.conf
# pidfile: /var/run/restorecond.pid
#
# Return values according to LSB for all commands but status:
# 0 - success
# 1 - generic or unspecified error
# 2 - invalid or excess argument(s)
# 3 - unimplemented feature (e.g. "reload")
# 4 - insufficient privilege
# 5 - program is not installed
# 6 - program is not configured
# 7 - program is not running

PATH=/sbin:/bin:/usr/bin:/usr/sbin
PROG_BIN=/usr/sbin/restorecond
LOCK_FILE=/var/lock/subsys/restorecond
PROG_CONF=/etc/selinux/restorecond.conf

# Source function library.
. /etc/rc.status

# Check whether SELinux is enabled
if  [ ! -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled ; then
    echo $"SELinux should be enabled to run this daemon"
    rc_failed 1
    rc_status -v
    rc_exit
fi

# Check that we are root ... so non-root users stop here
if [ $EUID -ne 0 ] ; then
    echo $"Access denied. Only root can run this daemon"
    rc_failed 4
    rc_status -v
    rc_exit
fi

# Check whether program binary exists
if [ ! -x $PROG_BIN ] ; then
    echo $"$PROG_BIN does not exist or has no executable permission"
    rc_failed 5
    rc_status -v
    rc_exit
fi

# Check whether the required conf file exists
if [ ! -f $PROG_CONF ] ; then
    echo $"$PROG_CONF not found"
    rc_failed 6
    rc_status -v
    rc_exit
fi

start()
{
    echo -n $"Starting restorecond: "
    unset HOME MAIL USER USERNAME
    startproc -p $LOCK_FILE $PROG_BIN
    rc_status -v
}

stop()
{
    echo -n $"Shutting down restorecond: "
    killproc -p $LOCK_FILE -TERM $PROG_BIN
    rc_status -v
}

restart()
{
    stop
    start
}

# See how we were called.
case "$1" in
  start)
	start
        ;;
  stop)
	stop
        ;;
  status)
        echo -n $"Checking for restorecond: "
        checkproc -p $LOCK_FILE $PROG_BIN
        rc_status -v
	;;
  force-reload|restart|reload)
	restart
	;;
  condrestart)
	[ -e $LOCK_FILE ] && restart || :
	;;
  *)
        echo $"Usage: $0 {start|stop|restart|force-reload|status|condrestart}"
        rc_failed 3
        rc_status -v
esac

rc_exit
