selinux-policy/selinux-factory-reset@.service
Petr Lautrbach be68ccafef Do a factory reset when there's no policy.kern file in a store
With rpm-ostree, /var/ directory doesn't contain any file, just
directories. It means that SELinux policy can't be managed or rebuilt
and users have to use only the default policy.

This update adds /usr/share/selinux/POLICYTYPE/default directory and
selinux-factory-reset service.

/var/lib/selinux/POLICYTYPE/active

selinux-reset-policy
2016-09-15 13:51:31 +02:00

18 lines
461 B
Desktop File

[Unit]
Description=Reset SELinux policy to factory default
DefaultDependencies=no
Requires=local-fs.target
Conflicts=shutdown.target
After=local-fs.target
Before=sysinit.target shutdown.target
ConditionSecurity=selinux
ConditionKernelCommandLine=|selinux-factory-reset
ConditionPathExists=|!/var/lib/selinux/%I/active/policy.kern
[Service]
ExecStart=/usr/libexec/selinux/selinux-factory-reset %I
Type=oneshot
TimeoutSec=0
RemainAfterExit=yes
StandardInput=tty