[systemd-devel] Antw: [EXT] Re: advice on how to address selinux-autorelabel issue with userdbd

Ulrich Windl Ulrich.Windl at rz.uni-regensburg.de
Tue Jul 14 09:02:06 UTC 2020


>>> Lennart Poettering <mzerqung at 0pointer.de> wrote on 14.07.2020 at 09:50
in message <20200714075029.GC180968 at gardel-login>:
> On Di, 14.07.20 09:10, Dac Override (dac.override at gmail.com) wrote:
> 
>> selinux-autorelabel needs to be able to resolve users. Currently users
>> managed with systemd-userdbd are not resolvable in the
>> selinux-autorelabel.target.
>>
>> Should I be able to pull systemd-userdbd into the
>> selinux-autorelabel.target? Is there a better way to ensure that homed
>> users are resolvable when selinux-autorelabel.service runs?
> 
> systemd-homed runs after /home, and the selinux relabel stuff runs
> much earlier, no?
> 
> How does this work for LDAP/NIS/… users? They typically are late boot
> stuff too?

Yes, it is a problem even at different places: You cannot use an LDAP user for
any tmpfiles, even if the directory is used only after LDAP is up. Also the
password utilities refuse to add the same user locally that exists in LDAP.
Typically I restart the tmpfiles unit again manually and then things are OK.
(In this regard NFS "bg" mounts are much smarter than systemd's tmpfiles
unit.)

> 
> Lennart
> 
> --
> Lennart Poettering, Berlin