From 367917f0c408e6b1b196628fcb3ab2d6bc915d91 Mon Sep 17 00:00:00 2001
From: Robbert Klarenbeek <robbertkl@renbeek.nl>
Date: Wed, 14 Feb 2024 15:29:21 +0100
Subject: [PATCH] fix: Apply SELinux security context after moving to
 mail-state

---
 target/scripts/startup/setup.d/mail_state.sh | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/target/scripts/startup/setup.d/mail_state.sh b/target/scripts/startup/setup.d/mail_state.sh
index 9c43fea4..d481ae7d 100644
--- a/target/scripts/startup/setup.d/mail_state.sh
+++ b/target/scripts/startup/setup.d/mail_state.sh
@@ -48,6 +48,9 @@ function _setup_save_states() {
         _log 'trace' "Moving ${SERVICEFILE} to ${DEST}"
         # Empty volume was mounted, or new content from enabling a feature ENV:
         mv "${SERVICEFILE}" "${DEST}"
+        # Apply SELinux security context to match the state directory, so access
+        # is not restricted to the current running container:
+        chcon -R --reference="${STATEDIR}" "${DEST}"
       fi
 
       # Symlink the original file in the container ($SERVICEFILE) to be
@@ -69,6 +72,9 @@ function _setup_save_states() {
         _log 'trace' "Moving contents of ${SERVICEDIR} to ${DEST}"
         # Empty volume was mounted, or new content from enabling a feature ENV:
         mv "${SERVICEDIR}" "${DEST}"
+        # Apply SELinux security context to match the state directory, so access
+        # is not restricted to the current running container:
+        chcon -R --reference="${STATEDIR}" "${DEST}"
       fi
 
       # Symlink the original path in the container ($SERVICEDIR) to be