selinux/restorecond-user.service at 603665855ac711638e4a3239f64e79582ed4bc62 - selinux - RedXen Git

RepoMirrors/selinux

mirror of https://github.com/SELinuxProject/selinux synced 2025-02-25 22:10:38 +00:00

Nicolas Iooss d19f990188

restorecond: add systemd user service

When running restorecond in user sessions using D-Bus activation,
restorecond's process is spawned in the CGroup of the D-Bus daemon:

    $ systemctl --user status
    [...]
       CGroup: /user.slice/user-1000.slice/user@1000.service
               ├─init.scope
               │ ├─1206 /usr/lib/systemd/systemd --user
               │ └─1208 (sd-pam)
               └─dbus.service
                 ├─1628 /usr/bin/dbus-daemon --session --address=systemd:
                 └─4570 /usr/sbin/restorecond -u

In order to separate it, introduce a systemd unit for
restorecond-started-as-user.

After this patch:

       CGroup: /user.slice/user-1000.slice/user@1000.service
               ├─restorecond-user.service
               │ └─2871 /usr/sbin/restorecond -u
               ├─init.scope
               │ ├─481 /usr/lib/systemd/systemd --user
               │ └─485 (sd-pam)
               └─dbus.service
                 └─2868 /usr/bin/dbus-daemon --session --address=systemd:

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>

2020-04-26 15:14:06 +02:00

11 lines

277 B

Desktop File

Raw Blame History

 [Unit]
 Description=Restorecon maintaining path file context (user service)
 Documentation=man:restorecond(8)
 ConditionPathExists=/etc/selinux/restorecond_user.conf
 ConditionSecurity=selinux
 [Service]
 Type=dbus
 BusName=org.selinux.Restorecond
 ExecStart=/usr/sbin/restorecond -u