From cb7e0a5819ef0ba1d0f9691519975496aed2a6ce Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch" <dustin@hatch.name>
Date: Sun, 12 Mar 2023 10:30:34 -0500
Subject: [PATCH] init-storage: Set SELinux context for /var

This label needs to be applied before the subvolume is mounted initially
to prevent AVC denials.
---
 overlay/usr/libexec/init-storage | 1 +
 1 file changed, 1 insertion(+)

diff --git a/overlay/usr/libexec/init-storage b/overlay/usr/libexec/init-storage
index 304a810..e54f75a 100755
--- a/overlay/usr/libexec/init-storage
+++ b/overlay/usr/libexec/init-storage
@@ -27,6 +27,7 @@ format_dev() {
 
     mount "${dev}" "${tmpdir}" || exit
     btrfs subvolume create "${tmpdir}"/var || exit
+    chcon -t var_t "${tmpdir}"/var || exit
     umount "${dev}" || exit
 }