]> git.ipfire.org Git - thirdparty/systemd.git/commit
projects / thirdparty / systemd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a2a734e) | patch
mkosi: Disable selinux labelling and install policy in initramfs
authorRichard Maw <richard.maw@codethink.co.uk>
Tue, 30 Apr 2024 16:23:02 +0000 (17:23 +0100)
committerRichard Maw <richard.maw@codethink.co.uk>
Fri, 3 May 2024 11:57:11 +0000 (12:57 +0100)
commite26efe09f3dd70b88e4feec75f314dd16d954491
treec911d493bd6695d9f89a60ab79d76cc852b1a635tree | snapshot
parenta2a734e737a78256c02d8b2ed0134465fa7d8cc0commit | diff
mkosi: Disable selinux labelling and install policy in initramfs

It is necessary to install the selinux policy in the initramfs
so that userland is entered with the correct label.

SELinuxRelabel defaults to auto, which will skip if the relabelling
command is not installed and will treat failure to relabel as non-fatal.

We can't force it on because root privileges are required if the labels
don't exist on the host system and we would like to be able to
cross-build from other distributions.

Since we are already committed to relabelling on first boot
there is no value in even trying to label.
mkosi.images/system/mkosi.conf.d/10-centos-fedora/mkosi.conf.d/10-selinux.conf diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.