From 9a7683a7bbaae7462cb47b7b87a670d1470184e5 Mon Sep 17 00:00:00 2001
From: Antonio Murdaca <antoniomurdaca@gmail.com>
Date: Wed, 30 Aug 2023 16:59:07 +0200
Subject: [PATCH] chore: fixup paths for selinux

Using the service-info-api server with selinux requires us to put
anything we want to send to the device under /var/lib/fdo as that
directory, and its files, will now get the correct selinux label.
The previous approach opens up for security issues by leaving the
process basically accessing the whole host.

Signed-off-by: Antonio Murdaca <antoniomurdaca@gmail.com>
---
 HOWTO.md                                   | 4 ++--
 examples/config/serviceinfo-api-server.yml | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/HOWTO.md b/HOWTO.md
index 882887d02..70ada8797 100644
--- a/HOWTO.md
+++ b/HOWTO.md
@@ -446,10 +446,10 @@ service_info:
     sshkeys:
     - "testkey"
   files:
-  - path: /device/etc/hosts
+  - path: /var/lib/fdo/etc/hosts
     permissions: 644
     source_path: /server/local/etc/hosts
-  - path: /device/etc/resolv.conf
+  - path: /var/lib/fdo/etc/resolv.conf
     source_path: /server/local/etc/resolv.conf
   commands:
   - command: ls
diff --git a/examples/config/serviceinfo-api-server.yml b/examples/config/serviceinfo-api-server.yml
index e0b399845..002407d6f 100644
--- a/examples/config/serviceinfo-api-server.yml
+++ b/examples/config/serviceinfo-api-server.yml
@@ -11,10 +11,10 @@ service_info:
     sshkeys:
     - "testkey"
   files:
-  - path: /device/etc/hosts
+  - path: /var/lib/fdo/etc/hosts
     permissions: 644
     source_path: /server/local/etc/hosts
-  - path: /device/etc/resolv.conf
+  - path: /var/lib/fdo/etc/resolv.conf
     source_path: /server/local/etc/resolv.conf
   commands:
   - command: ls