SELinux policy core utilities
Go to file
Hans de Goede 3bbe617cee selinux-autorelabel: Increment boot_indeterminate grub environment variable
For the new grub auto-hide feature:
https://fedoraproject.org/wiki/Changes/HiddenGrubMenu

Grub needs to know if the previous boot succeeded. This is tracked
through flags in the grub environment.

A selinux autorelabel is special, because it reboots the machine without
completing the boot in the normal manner.

grub checks the (new) boot_indeterminate grub environment variable to deal
with this. This is a variable containing a count of special boots since
the last successful normal boot. If this variable is 1 then it also treats
the previous boot as successful. The idea is that an autorelabel (or
offline updates) increments boot_indeterminate, so normally after a reboot
it will be 1 and the grub menu stays hidden. But if we end up in a selinux
autorelabel loop for some reason, then it will be bigger then 1 (*) and
the grub menu will be shown allowing the user to try and fix things.

*) grub itself will also increment it if it is 1 so that even if it gets
incremented only once, that still only makes 1 boot count as successful.

This commit makes the selinux-autorelabel script call:
grub2-editenv - incr boot_indeterminate
for proper integration with this new grub feature.

Signed-off-by: Hans de Goede <hdegoede@redhat.com>
2018-06-18 11:03:49 +02:00
tests Use shared repository for tests 2018-02-14 17:32:57 +01:00
.gitignore policycoreutils-2.8-1 2018-05-25 11:45:50 +02:00
make-rhat-patches.sh Merge branch 'private-master-2.4' 2015-07-20 18:34:55 +02:00
policycoreutils-fedora.patch policycoreutils-2.8-1 2018-05-25 11:45:50 +02:00
policycoreutils.spec Rebuilt for Python 3.7 2018-06-15 22:47:46 +02:00
README.translations Add readme dealing with translations 2018-01-12 09:51:29 +01:00
restorecond-fedora.patch SELinux userspace 2.8-rc1 release candidate 2018-04-23 14:31:24 +02:00
selinux-autorelabel selinux-autorelabel: Increment boot_indeterminate grub environment variable 2018-06-18 11:03:49 +02:00
selinux-autorelabel-generator.sh Use generator approach to fix autorelabel. 2016-07-20 22:31:07 +02:00
selinux-autorelabel-mark.service Ship selinux-autorelabel utility and systemd unit files 2016-04-25 09:36:31 +02:00
selinux-autorelabel.service Use generator approach to fix autorelabel. 2016-07-20 22:31:07 +02:00
selinux-autorelabel.target Use generator approach to fix autorelabel. 2016-07-20 22:31:07 +02:00
selinux-dbus-fedora.patch policycoreutils-2.8-1 2018-05-25 11:45:50 +02:00
selinux-gui-fedora.patch SELinux userspace 2.8-rc1 release candidate 2018-04-23 14:31:24 +02:00
selinux-python-fedora.patch policycoreutils-2.8-1 2018-05-25 11:45:50 +02:00
selinux-sandbox-fedora.patch policycoreutils-2.8-1 2018-05-25 11:45:50 +02:00
semodule-utils-fedora.patch SELinux userspace 2.8-rc1 release candidate 2018-04-23 14:31:24 +02:00
sepolicy-help.tgz Fixes for sepolicy gui 2013-10-02 16:25:25 -04:00
sepolicy-icons.tgz Speed up startup time of sepolicy gui 2013-11-15 09:06:16 -05:00
sources policycoreutils-2.8-1 2018-05-25 11:45:50 +02:00
system-config-selinux.png Fix empty system-config-selinux.png 2013-02-12 16:16:02 -05:00

policycoreutils translations currently live in the following locations:

- https://fedora.zanata.org/project/view/selinux
  - contains translations for both stable (Red Hat Enterprise Linux) and master (Fedora) branches
  - maintains large number of languages (several of which do not actually contain any translated strings)
  - updated by community and partially by RH localization effort

- selinux source repository (https://github.com/fedora-selinux/selinux)
  - is kept up-to-date with fedora.zanata

How to update source files on fedora.zanata:
  $ git clone git@github.com:fedora-selinux/selinux.git
  $ cd selinux/policycoreutils/po
    # generate new potfile
  $ make policycoreutils.pot
    # Push potfiles to zanata
  $ zanata-cli push --push-type source

How to pull new translations from zanata
  $ git clone git@github.com:fedora-selinux/selinux.git
  $ cd policycoreutils/po
    # Make sure "zanata.xml" file pointing to corresponding translations branch is present
    # Optionally update source files on zanata
    # Pull new translations from zanata
  $ zanata-cli -e pull --pull-type trans