RepoMirrors
/
selinux
mirror of https://github.com/SELinuxProject/selinux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

restorecond: add systemd user service 

When running restorecond in user sessions using D-Bus activation,
restorecond's process is spawned in the CGroup of the D-Bus daemon:

    $ systemctl --user status
    [...]
       CGroup: /user.slice/user-1000.slice/user@1000.service
               ├─init.scope
               │ ├─1206 /usr/lib/systemd/systemd --user
               │ └─1208 (sd-pam)
               └─dbus.service
                 ├─1628 /usr/bin/dbus-daemon --session --address=systemd:
                 └─4570 /usr/sbin/restorecond -u

In order to separate it, introduce a systemd unit for
restorecond-started-as-user.

After this patch:

       CGroup: /user.slice/user-1000.slice/user@1000.service
               ├─restorecond-user.service
               │ └─2871 /usr/sbin/restorecond -u
               ├─init.scope
               │ ├─481 /usr/lib/systemd/systemd --user
               │ └─485 (sd-pam)
               └─dbus.service
                 └─2868 /usr/bin/dbus-daemon --session --address=systemd:

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
This commit is contained in:
Nicolas Iooss 2020-04-13 14:35:48 +02:00
parent 252925ccdf
commit d19f990188
No known key found for this signature in database
GPG Key ID: C191415F340DAAA0
3 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
restorecond/Makefile
View File

@ -50,6 +50,8 @@ install: all
install -m 644 org.selinux.Restorecond.service $(DESTDIR)$(DBUSSERVICEDIR)/org.selinux.Restorecond.service install -m 644 org.selinux.Restorecond.service $(DESTDIR)$(DBUSSERVICEDIR)/org.selinux.Restorecond.service
-mkdir -p $(DESTDIR)$(SYSTEMDDIR)/system -mkdir -p $(DESTDIR)$(SYSTEMDDIR)/system
install -m 644 restorecond.service $(DESTDIR)$(SYSTEMDDIR)/system/ install -m 644 restorecond.service $(DESTDIR)$(SYSTEMDDIR)/system/
-mkdir -p $(DESTDIR)$(SYSTEMDDIR)/user
install -m 644 restorecond-user.service $(DESTDIR)$(SYSTEMDDIR)/user/
relabel: install relabel: install
/sbin/restorecon $(DESTDIR)$(SBINDIR)/restorecond /sbin/restorecon $(DESTDIR)$(SBINDIR)/restorecond

1
restorecond/org.selinux.Restorecond.service
View File

@ -1,3 +1,4 @@
[D-BUS Service] [D-BUS Service]
Name=org.selinux.Restorecond Name=org.selinux.Restorecond
Exec=/usr/sbin/restorecond -u Exec=/usr/sbin/restorecond -u
SystemdService=restorecond-user.service

10
restorecond/restorecond-user.service Normal file
View File

@ -0,0 +1,10 @@
[Unit]
Description=Restorecon maintaining path file context (user service)
Documentation=man:restorecond(8)
ConditionPathExists=/etc/selinux/restorecond_user.conf
ConditionSecurity=selinux
[Service]
Type=dbus
BusName=org.selinux.Restorecond
ExecStart=/usr/sbin/restorecond -u