restorecon: do not set security.restorecon_last on ramfs and tmpfs

When setting the last value for restorecon, it should skip over the
ramfs and tmpfs, as setting last on non-persistent file systems
makes no sense. Notably, this avoids triggering a CAP_SYS_ADMIN
capability check and a SELinux setattr permission check to the
file when applying restorecon to ramfs or tmpfs filesystems.

Change-Id: I7e7ebaa9d62c7bc6a5587cc9c472dcb4a7a49513
Signed-off-by: William Roberts <>
1 file changed