selinux-autorelabel: Increment boot_indeterminate grub environment variable
For the new grub auto-hide feature: https://fedoraproject.org/wiki/Changes/HiddenGrubMenu Grub needs to know if the previous boot succeeded. This is tracked through flags in the grub environment. A selinux autorelabel is special, because it reboots the machine without completing the boot in the normal manner. grub checks the (new) boot_indeterminate grub environment variable to deal with this. This is a variable containing a count of special boots since the last successful normal boot. If this variable is 1 then it also treats the previous boot as successful. The idea is that an autorelabel (or offline updates) increments boot_indeterminate, so normally after a reboot it will be 1 and the grub menu stays hidden. But if we end up in a selinux autorelabel loop for some reason, then it will be bigger then 1 (*) and the grub menu will be shown allowing the user to try and fix things. *) grub itself will also increment it if it is 1 so that even if it gets incremented only once, that still only makes 1 boot count as successful. This commit makes the selinux-autorelabel script call: grub2-editenv - incr boot_indeterminate for proper integration with this new grub feature. Signed-off-by: Hans de Goede <hdegoede@redhat.com>
This commit is contained in:
Hans de Goede
Petr Lautrbach
parent
a16e7bc7bb
commit
3bbe617cee
@ -59,6 +59,9 @@ relabel_selinux() {
|
||||
rm -f /.autorelabel
|
||||
/usr/lib/dracut/dracut-initramfs-restore
|
||||
efi_set_boot_next
|
||||
if [ -x /usr/bin/grub2-editenv ]; then
|
||||
grub2-editenv - incr boot_indeterminate >/dev/null 2>&1
|
||||
fi
|
||||
sync
|
||||
systemctl --force reboot
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user