| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Boot loops were being seen when booting with selinux enabled, when the
init system in use is systemd. Once logs were retrieved from the
failing system the error was found to be
selinux-init.sh[284]: /sbin/restorecon: Could not set context for /sys/fs/cgroup/cpuacct: Read-only file system
selinux-init.sh[284]: /sbin/restorecon: Could not set context for /sys/fs/cgroup/cpu: Read-only file system
Systemd mounts /sys/fs/cgroup read-only and the (re)labelling code
used by selinux-init.sh is unable to handle this. On top of this the
system is basically presenting two methods of (re)labelling; using the
built in systemd approach via selinux-autorelabel.service *and* the
code we have in selinux-init.sh. This can get confusing especially
given that most online resources will speak to the systemd approach
using selinux-autorelabel.service and /.autorelabel.
These changes leave the current approach in place when sysvinit is the
init system used, but if systemd is being used we make use of it's
internal (re)labelling functionality. Overall the workflow remains the
same but we now avoid boot loops (systemd remounts /sys/fs/cgroup rw
during the (re)labelling procedure).
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
|
| |
Fixup DESCRIPTION in old selinux-init recipe.
Exclude this autorelabel script from the minimal packagegroup.
Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
| |
|
|
|
|
|
| |
Remove selinux-init package from packagegroup-selinux-minimal.
Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
|
|
Add runtime dependencies for init script.
Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
|
