selinux-policy

rpms

selinux-policy

Fork 0

Commit Graph

Author	SHA1	Message	Date
Ondrej Mosnacek	fd69433906	Add a systemd service to check that SELinux is disabled properly As an additional sanity check to support the removal of runtime disabling of SELinux [1], add a simple oneshot service to the selinux-policy package that will print a warning to system journal when it detects on boot that the system has been booted with SELINUX=disabled in /etc/selinux/config, but without selinux=0 on the kernel command line. Note that as per [2], in order for the service to be enabled by default, it needs to be added to the Fedora presets. [1] https://fedoraproject.org/wiki/Changes/Remove_Support_For_SELinux_Runtime_Disable [2] https://docs.fedoraproject.org/en-US/packaging-guidelines/DefaultServices/#_how_to_enable_a_service_by_default Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>	2021-06-22 09:38:56 +00:00

Author

SHA1

Message

Date

Ondrej Mosnacek

fd69433906

Add a systemd service to check that SELinux is disabled properly

As an additional sanity check to support the removal of runtime
disabling of SELinux [1], add a simple oneshot service to the
selinux-policy package that will print a warning to system journal when
it detects on boot that the system has been booted with SELINUX=disabled
in /etc/selinux/config, but without selinux=0 on the kernel command
line.

Note that as per [2], in order for the service to be enabled by default,
it needs to be added to the Fedora presets.

[1] https://fedoraproject.org/wiki/Changes/Remove_Support_For_SELinux_Runtime_Disable
[2] https://docs.fedoraproject.org/en-US/packaging-guidelines/DefaultServices/#_how_to_enable_a_service_by_default

Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>

2021-06-22 09:38:56 +00:00

1 Commits