restorecon: do not set security.restorecon_last on ramfs and tmpfs
When setting the last value for restorecon, it should skip over the
ramfs and tmpfs, as setting last on non-persistent file systems
makes no sense. Notably, this avoids triggering a CAP_SYS_ADMIN
capability check and a SELinux setattr permission check to the
file when applying restorecon to ramfs or tmpfs filesystems.
Signed-off-by: William Roberts <firstname.lastname@example.org>
1 file changed