summaryrefslogtreecommitdiffstats
path: root/recipes-security/selinux/selinux-autorelabel
Commit message (Collapse)AuthorAgeFilesLines
* selinux-*.service: install to sysinit.targetYi Zhao2020-09-231-1/+1
| | | | | | | | | The selinux-init/autorelabel/labeldev services have a constraint of Before=sysinit.arget. So it is better to install them to sysinit.target rather than multi-user.target. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* selinux-autorelabel: disable enforcing mode before relabelYi Zhao2019-09-091-3/+6
| | | | | | | | | | | The commit b0d31db104d9a4e94bc1409c2ffcc1d82f4a780f introduced an issue when first boot with bootparams="selinux=1 enforcing=1". At first boot, all files are unlabeled including /sbin/setfiles. The relabel operations are not permitted under enforcing mode. So we need to disable enforcing mode before relabel. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* selinux-autorelabel: add systemd service file supportShrikant Bobade2016-09-011-0/+11
| | | | | | | | | add systemd service file for handling selinux autorelabel, this change improves handling of systemd service functionality like:status check, re-run, debug etc. compared to sysvinit compatibility mode scripts. Signed-off-by: Shrikant Bobade <shrikant_bobade@mentor.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* selinux-init: Break handling of /.autorelabel out into separate script.Philip Tricca2015-11-271-0/+22
Fixup DESCRIPTION in old selinux-init recipe. Exclude this autorelabel script from the minimal packagegroup. Signed-off-by: Philip Tricca <flihp@twobit.us> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>