On Tue, 2015-07-21 at 03:27 +, Zbigniew Jędrzejewski-Szmek wrote:
> fedup-system-upgrade.service uses an additional flag file which is
> checked with ConditionPathExists so it will not run if 'dnf fedup
> reboot' did not create the flag, even if we go into
> system-upgrade.target.
>
> packag
On Tue, 2015-03-10 at 17:21 +0100, Lennart Poettering wrote:
> My recommendation would be to use the offline updates logic we have in
> systemd already:
>
> http://www.freedesktop.org/wiki/Software/systemd/SystemUpdates/
>
> systemd has been implementing this for quite a while, at least for all
>
If you've got SELinux policy loaded, label_hnd is your labeling handle.
When systemd is shutting down, we free that handle via mac_selinux_finish().
But: switch_root() calls mkdir_p_label(), which tries to look up a label
using that freed handle, and so we get a bunch of garbage and eventually
SEG
On Fri, 2014-04-25 at 18:26 -0400, Will Woods wrote:
> Currently, systemd refuses to load SELinux policy more than once.
>
> Normal systems don't care, because they either:
> a) have initramfs without policy, then load policy after switch-root, or
> b) load policy in initram
7-space indentation is just too weird to leave alone.
Make it 8 spaces, as per CODING_STYLE. No other changes.
---
src/core/ima-setup.c | 110 +-
src/core/selinux-setup.c | 152 +++
2 files changed, 131 insertions(+),
When you switch-root into a new root that has SELinux policy, you're
supposed to run selinux_init_load_policy() to set up SELinux and load
policy. Normally this gets handled by selinux_setup().
But if SELinux was already initialized, selinux_setup() skips loading
policy and returns 0. So if you
Hey all,
Currently, systemd refuses to load SELinux policy more than once.
Normal systems don't care, because they either:
a) have initramfs without policy, then load policy after switch-root, or
b) load policy in initramfs, and never switch-root out.
But if you *do* switch-root more than once -
On Thu, 2014-02-20 at 18:17 +, Colin Walters wrote:
> I think both of these (particularly the second) are worse than my
> patch - we don't (to my knowledge) support putting policy in the
> initramfs now with Fedora or Red Hat Enterprise Linux, so attempting
> to find it there by default on ever
If you enter unit_add_exec_dependencies with m->where = NULL, you'll
very likely end up aborting somewhere under socket_needs_mount.
(When systemd goes to check to see if the journald socket requires your
mount, it'll do path_startswith(path, m->where)... *kaboom*)
This patch should ensure that: