| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
| |
The selinux-init/autorelabel/labeldev services have a constraint of
Before=sysinit.arget. So it is better to install them to sysinit.target
rather than multi-user.target.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe@deserted.net>
|
|
|
|
|
|
|
|
|
|
|
| |
The commit b0d31db104d9a4e94bc1409c2ffcc1d82f4a780f introduced an issue
when first boot with bootparams="selinux=1 enforcing=1". At first boot,
all files are unlabeled including /sbin/setfiles. The relabel operations
are not permitted under enforcing mode. So we need to disable enforcing
mode before relabel.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
|
|
|
|
|
|
|
| |
add systemd service file for handling selinux autorelabel, this change
improves handling of systemd service functionality like:status check,
re-run, debug etc. compared to sysvinit compatibility mode scripts.
Signed-off-by: Shrikant Bobade <shrikant_bobade@mentor.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
Fixup DESCRIPTION in old selinux-init recipe.
Exclude this autorelabel script from the minimal packagegroup.
Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|