Skip to content

Commit

Permalink
Add RemainAfterExit=true to autorelabel services
Browse files Browse the repository at this point in the history
Otherwise they'll never be considered active and local-fs.target will never be
fully reached. Anything triggering multiple starts of local-fs.target would
start the -relabel services again, eventually failing due to start-limit-hit.
  • Loading branch information
Vogtinator committed Oct 29, 2024
1 parent e3065b9 commit 9911323
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion selinux/selinux-autorelabel-generator
Original file line number Diff line number Diff line change
Expand Up @@ -43,6 +43,7 @@ enable_units() {
[Service]
Type=oneshot
ExecStart=/sbin/restorecon -R ${opts} ${realdir}
RemainAfterExit=true
EOF

ln -sf ../"${unitfile}" "${generatordir}"/local-fs.target.requires/"${unitfile}"
Expand All @@ -62,7 +63,8 @@ enable_units() {
[Service]
Type=oneshot
ExecStart=/usr/bin/rm /etc/selinux/.autorelabel
EOF
RemainAfterExit=true
EOF

ln -sf "../${unitfile}" "${generatordir}/local-fs.target.requires/${unitfile}"
}
Expand Down

0 comments on commit 9911323

Please sign in to comment.