On Fri, 16.05.14 10:33, Chris Murphy ([email protected]) wrote:

> >> Seems crude but I could figure out how to set an selinux label on the
> >> wrong /var to prevent anything from creating things there, and see
> >> what explodes?
> >
> > maybe use chattr with the immutable flag?
>
> That did it.
>
> [ 14.653169] rawhide.localdomain fedora-import-state[277]: cp: cannot create directory ‘/./var/lib/dhclient’: Permission denied
> [ 14.653474] rawhide.localdomain fedora-import-state[277]: cp: preserving times for ‘/./var/lib’: Operation not permitted
>
>
> rpm -q --whatprovides /lib/systemd/fedora-import-state
> initscripts-9.54-2.fc21.x86_64
>
>
> # cat /usr/lib/systemd/system/fedora-import-state.service
> [Unit]
> Description=Import network configuration from initramfs
> DefaultDependencies=no
> ConditionPathIsReadWrite=/
> ConditionDirectoryNotEmpty=/run/initramfs/state
> Conflicts=shutdown.target
> Before=shutdown.target emergency.service emergency.target systemd-tmpfiles-setup.service
> After=systemd-remount-fs.service
>
> [Service]
> ExecStart=/lib/systemd/fedora-import-state
> Type=oneshot
> TimeoutSec=0
> RemainAfterExit=yes

Hmm, this seems to be an initrd thing. Harald, can you comment? It's
certainly broken the way it currently is...

If we still need this I do wonder why this is not part of the dracut
package?

Lennart

-- 
Lennart Poettering, Red Hat
_______________________________________________
systemd-devel mailing list
[email protected]
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
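
Added example (not part of the original message or of any project named in it): once the shadowed /var has been made immutable as in the quoted exchange, a small Python filter can group the resulting failed writes by the syslog identifier that attempted them. The log layout is assumed from the two quoted lines; `denied_writes` and `SAMPLE_LOG` are hypothetical names, and the third sample line is constructed.

```python
import posixpath
import re
from collections import defaultdict

# Sample input: the two log lines quoted in the message, plus one constructed
# unrelated line to show that non-matching entries are skipped.
SAMPLE_LOG = """\
[ 14.653169] rawhide.localdomain fedora-import-state[277]: cp: cannot create directory ‘/./var/lib/dhclient’: Permission denied
[ 14.653474] rawhide.localdomain fedora-import-state[277]: cp: preserving times for ‘/./var/lib’: Operation not permitted
[ 14.700000] rawhide.localdomain systemd[1]: Started Example Unit.
"""

# Assumed layout: "[ time] host ident[pid]: message ‘path’: error text"
LINE_RE = re.compile(
    r"^\[\s*(?P<ts>\d+\.\d+)\]\s+\S+\s+(?P<ident>[^\s\[:]+)\[(?P<pid>\d+)\]:\s+"
    r".*?[‘'\"](?P<path>/[^’'\"]*)[’'\"]:\s+"
    r"(?P<err>Permission denied|Operation not permitted)\s*$"
)


def denied_writes(log_text, watched="/var"):
    """Group failed writes under `watched` by the identifier that attempted them."""
    prefix = watched.rstrip("/") + "/"
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # cp reports paths such as '/./var/lib'; normalise before comparing.
        path = posixpath.normpath(m["path"])
        if path == watched or path.startswith(prefix):
            hits[m["ident"]].append((float(m["ts"]), int(m["pid"]), path, m["err"]))
    return dict(hits)


if __name__ == "__main__":
    for ident, events in denied_writes(SAMPLE_LOG).items():
        print(ident)
        for ts, pid, path, err in events:
            print(f"  {ts:>10.6f} pid={pid} {path}: {err}")
```

Each identifier reported can then be traced to its package with `rpm -q --whatprovides`, as done in the quoted message.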
