From 9911323401f30be3e13c19a41bc2e637499bb86c Mon Sep 17 00:00:00 2001 From: Fabian Vogt Date: Tue, 29 Oct 2024 15:58:20 +0100 Subject: [PATCH] Add RemainAfterExit=true to autorelabel services Otherwise they'll never be considered active and local-fs.target will never be fully reached. Anything triggering multiple starts of local-fs.target would start the -relabel services again, eventually failing due to start-limit-hit. --- selinux/selinux-autorelabel-generator | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/selinux/selinux-autorelabel-generator b/selinux/selinux-autorelabel-generator index 46a3826..e99317e 100755 --- a/selinux/selinux-autorelabel-generator +++ b/selinux/selinux-autorelabel-generator @@ -43,6 +43,7 @@ enable_units() { [Service] Type=oneshot ExecStart=/sbin/restorecon -R ${opts} ${realdir} + RemainAfterExit=true EOF ln -sf ../"${unitfile}" "${generatordir}"/local-fs.target.requires/"${unitfile}" @@ -62,7 +63,8 @@ enable_units() { [Service] Type=oneshot ExecStart=/usr/bin/rm /etc/selinux/.autorelabel -EOF + RemainAfterExit=true + EOF ln -sf "../${unitfile}" "${generatordir}/local-fs.target.requires/${unitfile}" }