From 549a5b58f69f39d3a4aadb42f62d7e99f2a54622 Mon Sep 17 00:00:00 2001
From: Yansheng Wei
Date: Tue, 23 Apr 2024 15:29:02 -0500
Subject: [PATCH] [issue #119] Update fcontext to allow override of built-in types

Signed-off-by: Yansheng Wei
---
 resources/fcontext.rb | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/resources/fcontext.rb b/resources/fcontext.rb
index 9efbbbb..d8e2ca8 100644
--- a/resources/fcontext.rb
+++ b/resources/fcontext.rb
@@ -93,7 +93,14 @@ def relabel_files
 return
 end
 
- unless current_file_context
+ # "add" is performed in two scenarios.
+ # 1: The local file_contexts.local has an entry for new_resource.file_spec, but secontext <> new_resource.secontext
+ # 2. The local file_contexts.local does NOT have an entry for new_resource.file_spec, AND
+ # either the system default (file_contexts) does not have an entry for new_resource.file_spec, or the secontext <> new_resource.secontext
+ # In both scenarios, file_contexts.local is created with a new entry, or the secontext is updated.
+
+ cfc = current_file_context
+ unless cfc && cfc == new_resource.secontext
 converge_by "adding label #{new_resource.secontext} to #{new_resource.file_spec}" do
 shell_out!("semanage fcontext -a -f #{new_resource.file_type} -t #{new_resource.secontext} '#{new_resource.file_spec}'")
 relabel_files
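Review bot: The widened guard `unless cfc && cfc == new_resource.secontext` now sends the "entry already exists with a different type" case (scenario 1 in the new comment) through `semanage fcontext -a`, which is the add operation. If semanage refuses to add a file spec that already has a local entry, `shell_out!` will raise instead of updating the label. `current_file_context` and the rest of the enclosing block lie outside this hunk, so this is inferred from the comment rather than verified. It deserves a test against a pre-existing local entry, and if that fails the operation can be chosen from the state, e.g. `op = cfc ? '-m' : '-a'`. Because an existing label is now replaced rather than left alone, the `converge_by` text should also name the previous context (`cfc`) so the change is visible in the Chef run log, and the `cfc &&` half of the guard is redundant unless `new_resource.secontext` can be nil.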