aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichal Schmidt <mschmidt@redhat.com>2011-04-04 09:56:57 +0200
committerBill Nottingham <notting@redhat.com>2011-04-04 11:33:11 -0400
commit93d8f7b7d63689e9244d1ce942997c0e32bdd7cb (patch)
tree7f3b77cc6c62dca7077f09509cc8a2c7c23f9fae
parentbbeaaf153d9feb059f658aab0c59a865856ff407 (diff)
downloadinitscripts-93d8f7b7d63689e9244d1ce942997c0e32bdd7cb.tar
initscripts-93d8f7b7d63689e9244d1ce942997c0e32bdd7cb.tar.gz
initscripts-93d8f7b7d63689e9244d1ce942997c0e32bdd7cb.tar.bz2
initscripts-93d8f7b7d63689e9244d1ce942997c0e32bdd7cb.tar.xz
initscripts-93d8f7b7d63689e9244d1ce942997c0e32bdd7cb.zip
let systemd check the conditions for fedora-autorelabel
The service unit file already checks whether /.autorelabel or the "autorelabel" parameter are present. No need to recheck in the script. Using the new "ConditionSecurity=" feature systemd can also check whether SELinux is enabled.
-rwxr-xr-xsystemd/fedora-autorelabel21
-rw-r--r--systemd/system/fedora-autorelabel.service1
2 files changed, 4 insertions, 18 deletions
diff --git a/systemd/fedora-autorelabel b/systemd/fedora-autorelabel
index 326837b2..d83040a3 100755
--- a/systemd/fedora-autorelabel
+++ b/systemd/fedora-autorelabel
@@ -8,17 +8,6 @@
PLYMOUTH=
[ -x /usr/bin/plymouth ] && PLYMOUTH=yes
-# Check SELinux status
-SELINUX_STATE=
-if [ -e "/selinux/enforce" ] && [ "$(cat /proc/self/attr/current)" != "kernel" ]; then
- if [ -r "/selinux/enforce" ] ; then
- SELINUX_STATE=$(cat "/selinux/enforce")
- else
- # assume enforcing if you can't read it
- SELINUX_STATE=1
- fi
-fi
-
relabel_selinux() {
# if /sbin/init is not labeled correctly this process is running in the
# wrong context, so a reboot will be required after relabel
@@ -47,14 +36,10 @@ relabel_selinux() {
systemctl --force reboot
}
-[ -z "${cmdline}" ] && cmdline=$(cat /proc/cmdline)
-
# Check to see if a full relabel is needed
-if [ -n "$SELINUX_STATE" -a "$READONLY" != "yes" ]; then
- if strstr "$cmdline" autorelabel || [ -f /.autorelabel ] ; then
- restorecon $(awk '!/^#/ && $4 !~ /noauto/ && $2 ~ /^\// { print $2 }' /etc/fstab) >/dev/null 2>&1
- relabel_selinux
- fi
+if [ "$READONLY" != "yes" ]; then
+ restorecon $(awk '!/^#/ && $4 !~ /noauto/ && $2 ~ /^\// { print $2 }' /etc/fstab) >/dev/null 2>&1
+ relabel_selinux
else
if [ "$READONLY" != "yes" ] && [ -d /etc/selinux ]; then
[ -f /.autorelabel ] || touch /.autorelabel
diff --git a/systemd/system/fedora-autorelabel.service b/systemd/system/fedora-autorelabel.service
index cd6a84b3..c98a40ff 100644
--- a/systemd/system/fedora-autorelabel.service
+++ b/systemd/system/fedora-autorelabel.service
@@ -5,6 +5,7 @@ Requires=local-fs.target
Conflicts=shutdown.target
After=local-fs.target
Before=sysinit.target shutdown.target
+ConditionSecurity=selinux
ConditionKernelCommandLine=|autorelabel
ConditionPathExists=|/.autorelabel