summaryrefslogtreecommitdiffstats
path: root/recipes-security/selinux/selinux-initsh.inc
Commit message (Collapse)AuthorAgeFilesLines
* meta-selinux: convert to new override syntaxYi Zhao2021-08-041-4/+4
| | | | | | | | | | This is the result of automated script conversion: poky/scripts/contrib/convert-overrides.py meta-selinux Converting the metadata to use ":" as the override character instead of "_". Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe@deserted.net>
* selinux-initsh.inc: install selinux-init.sh and selinux-labeldev.sh when ↵Yi Zhao2019-12-301-2/+7
| | | | | | | | | | | | | | using systemd The commit 5fd3c5b71edb99659aeb5cb5903088d84517382e introduced an issue that selinux-init.sh and selinux-labeldev.sh are not installed when using systemd which will cause the selinux-ini.service and selinux-labeldev.service fail to startup. Move the do_install codes from selinux-autorelabel to selinux-initsh.inc to make sure install these scripts when using systemd. Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* autorelabel: only selinux-autorelabel need autorelabel fileChristophe PRIOUZEAU2019-12-091-7/+0
| | | | | | | | | | With previous implementation, several packages provided .autorelabel file while only selinux-autorelabel manage it. If there is several packages which try to install .autorelabel file, an issue occur during installation of packagegroup-core-selinux. Signed-off-by: Christophe Priouzeau <christophe.priouzeau@st.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* selinux-init: use systemd (re)labellingMark Asselstine2019-08-281-0/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | Boot loops were being seen when booting with selinux enabled, when the init system in use is systemd. Once logs were retrieved from the failing system the error was found to be selinux-init.sh[284]: /sbin/restorecon: Could not set context for /sys/fs/cgroup/cpuacct: Read-only file system selinux-init.sh[284]: /sbin/restorecon: Could not set context for /sys/fs/cgroup/cpu: Read-only file system Systemd mounts /sys/fs/cgroup read-only and the (re)labelling code used by selinux-init.sh is unable to handle this. On top of this the system is basically presenting two methods of (re)labelling; using the built in systemd approach via selinux-autorelabel.service *and* the code we have in selinux-init.sh. This can get confusing especially given that most online resources will speak to the systemd approach using selinux-autorelabel.service and /.autorelabel. These changes leave the current approach in place when sysvinit is the init system used, but if systemd is being used we make use of it's internal (re)labelling functionality. Overall the workflow remains the same but we now avoid boot loops (systemd remounts /sys/fs/cgroup rw during the (re)labelling procedure). Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* selinux-initsh.inc: add systemd supportShrikant Bobade2016-09-011-1/+11
| | | | | | | | add support for systemd service file and handling of script required by systemd service file. Signed-off-by: Shrikant Bobade <shrikant_bobade@mentor.com> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
* selinux-init: Move script logic into include.Philip Tricca2015-11-271-0/+25
This will be useful when we have other init scripts. Signed-off-by: Philip Tricca <flihp@twobit.us> Signed-off-by: Joe MacDonald <joe_macdonald@mentor.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-07-21 05:08:28 +0000