[systemd-devel] [PATCH 3/4] condition: add ConditionSELinux
Michal Schmidt
mschmidt at redhat.com
Sun Apr 3 12:39:01 PDT 2011
On Sun, 03 Apr 2011 19:56:50 +0200 Tollef Fog Heen wrote:

> How does this interact with read-only /?

If the user
1. boots with SELinux disabled and read-only /,
2. remounts / read-write and thus destroys some files' contexts,
3. and then reboots with SELinux enabled
then he's on his own to deal with the consequences.

If on the other hand / stays read-only for the whole duration of
working with SELinux disabled, then no contexts will be harmed and
relabeling will not be necessary.

> We should really stop having flag files like this outside
> of well-defined directories which exist for that purpose.

/.autorelabel is not new. Fedora's /etc/rc.sysinit has been doing
this since May 2005. I am only trying to prevent the loss of this
feature.

What directory would you suggest for this purpose?

Michal