[systemd-devel] A missing SELinux unit access check due to unexpected UNIT_NOT_FOUND unit object

[Lennart Poettering]

On Thu, 18.06.15 18:14, HATAYAMA Daisuke (d.hatayama at jp.fujitsu.com) wrote:

> Currently, there's a behavior that an unit object in UNIT_NOT_FOUND
> generated via After= dependency is unexpectedly? left in
> manager->units hash table and SELinux unit access check is not
> performed.

No this is expected and intended behaviour. All units that are
*referenced* have a Unit object that is in the manager->units hash
table, and that includes units that do not exist on disk.

I am note sure what this means for SELinux though. It probably should
fall back to some generic label or so if a Unit object doesn't have a
unit file associated on disk.

Lennart

-- 
Lennart Poettering, Red Hat