Restore SELinux context on service file when SELinux is enabled (#525)

src/Misc/layoutbin/systemd.svc.sh.template

@@ -63,12 +63,25 @@ function install()
 
     sed "s/{{User}}/${run_as_user}/g; s/{{Description}}/$(echo ${SVC_DESCRIPTION} | sed -e 's/[\/&]/\\&/g')/g; s/{{RunnerRoot}}/$(echo ${RUNNER_ROOT} | sed -e 's/[\/&]/\\&/g')/g;" "${TEMPLATE_PATH}" > "${TEMP_PATH}" || failed "failed to create replacement temp file"
     mv "${TEMP_PATH}" "${UNIT_PATH}" || failed "failed to copy unit file"
+
+    # Recent Fedora based Linux (CentOS/Redhat) has SELinux enabled by default
+    # We need to restore security context on the unit file we added otherwise SystemD have no access to it.
+    command -v getenforce > /dev/null
+    if [ $? -eq 0 ]
+    then
+        selinuxEnabled=$(getenforce)
+        if [[ $selinuxEnabled == "Enforcing" ]]
+        then
+            # SELinux is enabled, we will need to Restore SELinux Context for the service file
+            restorecon -r -v "${UNIT_PATH}" || failed "failed to restore SELinux context on ${UNIT_PATH}"
+        fi
+    fi
     
     # unit file should not be executable and world writable
-    chmod 664 ${UNIT_PATH} || failed "failed to set permissions on ${UNIT_PATH}"
+    chmod 664 "${UNIT_PATH}" || failed "failed to set permissions on ${UNIT_PATH}"
     systemctl daemon-reload || failed "failed to reload daemons"
     
-	# Since we started with sudo, runsvc.sh will be owned by root. Change this to current login user.    
+    # Since we started with sudo, runsvc.sh will be owned by root. Change this to current login user.    
     cp ./bin/runsvc.sh ./runsvc.sh || failed "failed to copy runsvc.sh"
     chown ${run_as_uid}:${run_as_gid} ./runsvc.sh || failed "failed to set owner for runsvc.sh"
     chmod 755 ./runsvc.sh || failed "failed to set permission for runsvc.sh"