Security upgrade: always set dummy_file mode/label

Prior to this commit, the script only changed the mode/label if the file
has not existed before. If the script ever managed to touch the file and
then got killed, the file's mode/label would never get properly adjusted
when running the script again.

Change-Id: I707870eea9abb63ccf10e8c54fb3ca984e92196a

diff --git a/upgrade/201.security_upgrade.sh b/upgrade/201.security_upgrade.sh
index 8aae0859d8f319a196cd1e643dda503e15fcec9d..7a7a2d94501144b8744b07acb53e423d5b41978f 100644 (file)
--- a/upgrade/201.security_upgrade.sh
+++ b/upgrade/201.security_upgrade.sh
@@ -29,9 +29,9 @@ sqlite3 /opt/dbspace/.policy.db "UPDATE prevent_list SET UID=$global_uid WHERE U
 if [ ! -e /opt/share/security-config/dummy_file ]
 then
        touch /opt/share/security-config/dummy_file
-       chmod 600 /opt/share/security-config/dummy_file
-       chsmack -a "_" /opt/share/security-config/dummy_file
 fi
+chmod 600 /opt/share/security-config/dummy_file
+chsmack -a "_" /opt/share/security-config/dummy_file
 
 # start cynara & security-manager
 systemctl start security-manager-rules-loader