restorecond: add systemd user service
When running restorecond in user sessions using D-Bus activation,
restorecond's process is spawned in the CGroup of the D-Bus daemon:
$ systemctl --user status
[...]
CGroup: /user.slice/user-1000.slice/user@1000.service
├─init.scope
│ ├─1206 /usr/lib/systemd/systemd --user
│ └─1208 (sd-pam)
└─dbus.service
├─1628 /usr/bin/dbus-daemon --session --address=systemd:
└─4570 /usr/sbin/restorecond -u
In order to separate it, introduce a systemd unit for
restorecond-started-as-user.
After this patch:
CGroup: /user.slice/user-1000.slice/user@1000.service
├─restorecond-user.service
│ └─2871 /usr/sbin/restorecond -u
├─init.scope
│ ├─481 /usr/lib/systemd/systemd --user
│ └─485 (sd-pam)
└─dbus.service
└─2868 /usr/bin/dbus-daemon --session --address=systemd:
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
This commit is contained in:
Nicolas Iooss
parent
252925ccdf
commit
d19f990188
|
|
@ -50,6 +50,8 @@ install: all
|
|||
install -m 644 org.selinux.Restorecond.service $(DESTDIR)$(DBUSSERVICEDIR)/org.selinux.Restorecond.service
|
||||
-mkdir -p $(DESTDIR)$(SYSTEMDDIR)/system
|
||||
install -m 644 restorecond.service $(DESTDIR)$(SYSTEMDDIR)/system/
|
||||
-mkdir -p $(DESTDIR)$(SYSTEMDDIR)/user
|
||||
install -m 644 restorecond-user.service $(DESTDIR)$(SYSTEMDDIR)/user/
|
||||
relabel: install
|
||||
/sbin/restorecon $(DESTDIR)$(SBINDIR)/restorecond
|
||||
|
||||
|
|
|
|||
|
|
@ -1,3 +1,4 @@
|
|||
[D-BUS Service]
|
||||
Name=org.selinux.Restorecond
|
||||
Exec=/usr/sbin/restorecond -u
|
||||
SystemdService=restorecond-user.service
|
||||
|
|
|
|||
|
|
@ -0,0 +1,10 @@
|
|||
[Unit]
|
||||
Description=Restorecon maintaining path file context (user service)
|
||||
Documentation=man:restorecond(8)
|
||||
ConditionPathExists=/etc/selinux/restorecond_user.conf
|
||||
ConditionSecurity=selinux
|
||||
|
||||
[Service]
|
||||
Type=dbus
|
||||
BusName=org.selinux.Restorecond
|
||||
ExecStart=/usr/sbin/restorecond -u
|
||||
Loading…
Reference in New Issue