Ondrej Mosnacek
|
fd69433906
|
Add a systemd service to check that SELinux is disabled properly
As an additional sanity check to support the removal of runtime
disabling of SELinux [1], add a simple oneshot service to the
selinux-policy package that will print a warning to system journal when
it detects on boot that the system has been booted with SELINUX=disabled
in /etc/selinux/config, but without selinux=0 on the kernel command
line.
Note that as per [2], in order for the service to be enabled by default,
it needs to be added to the Fedora presets.
[1] https://fedoraproject.org/wiki/Changes/Remove_Support_For_SELinux_Runtime_Disable
[2] https://docs.fedoraproject.org/en-US/packaging-guidelines/DefaultServices/#_how_to_enable_a_service_by_default
Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
|
2021-06-22 09:38:56 +00:00 |
|