From: Frantisek Sumsal Date: Mon, 5 Jun 2023 20:32:27 +0000 (+0200) Subject: test: add a reasoning why we don't use the SELinux-provided units X-Git-Tag: v254-rc1~277^2~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8c0ace5739789a971b8591f53eb94200aeec2c66;p=thirdparty%2Fsystemd.git test: add a reasoning why we don't use the SELinux-provided units --- diff --git a/test/test-functions b/test/test-functions index 25021779083..c7f9f2f4404 100644 --- a/test/test-functions +++ b/test/test-functions @@ -798,7 +798,7 @@ setup_selinux() { fi local conf_dir=/etc/selinux - local fixfiles_tools=(bash uname cat sort uniq awk grep egrep head expr find rm secon setfiles) + local fixfiles_tools=(awk bash cat chcon expr find grep head secon setfiles rm sort uname uniq) # Make sure the following statement can't expand to "/" to prevent # a potential where-are-my-backups situation @@ -808,6 +808,16 @@ setup_selinux() { exit 1 fi + # We use a custom autorelabel service instead of the SELinux provided set + # of units & a generator, since the generator overrides the default target + # to the SELinux one when it detects /.autorelabel. However, we use + # systemd.unit= on the kernel command cmdline which always takes precedence, + # rendering all SELinux efforts useless. Also, pulling in selinux-autorelabel.service + # explicitly doesn't work either, as it doesn't check for the presence of /.autorelabel + # and does the relabeling unconditionally which always ends with a reboot, so + # we end up in a reboot loop (and it also spews quite a lot of errors as it + # wants /etc/fstab and dracut-initramfs-restore). + touch "$initdir/.autorelabel" mkdir -p "$initdir/usr/lib/systemd/tests/testdata/units/basic.target.wants" ln -sf ../autorelabel.service "$initdir/usr/lib/systemd/tests/testdata/units/basic.target.wants/"