From: Richard Maw <richard.maw@codethink.co.uk>
Date: Fri, 5 Apr 2024 16:47:17 +0000 (+0100)
Subject: test: Integrate custom selinux relabelling unit with firstboot
X-Git-Tag: v256-rc2~103^2~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a2a734e737a78256c02d8b2ed0134465fa7d8cc0;p=thirdparty%2Fsystemd.git

test: Integrate custom selinux relabelling unit with firstboot
---

diff --git a/test/units/autorelabel.service b/test/units/autorelabel.service
index 7e5f9a2b89b..fd652225d9e 100644
--- a/test/units/autorelabel.service
+++ b/test/units/autorelabel.service
@@ -3,9 +3,14 @@
 Description=Relabel all filesystems
 DefaultDependencies=no
 Requires=local-fs.target
-Conflicts=shutdown.target
 After=local-fs.target
-Before=sysinit.target shutdown.target
+Conflicts=shutdown.target
+Before=shutdown.target
+Before=multi-user.target
+# Needs to access /var, which may not have been populated yet
+After=systemd-tmpfiles-setup.service
+# Must wait for systemd-machine-id-commit or firstboot-autorelabel will reactivate autorelabel
+After=systemd-machine-id-commit.service
 ConditionSecurity=selinux
 ConditionPathExists=|/.autorelabel
 
@@ -16,4 +21,4 @@ TimeoutSec=infinity
 RemainAfterExit=yes
 
 [Install]
-WantedBy=basic.target
+WantedBy=multi-user.target
diff --git a/test/units/firstboot-autorelabel.service b/test/units/firstboot-autorelabel.service
new file mode 100644
index 00000000000..b69dcf72a38
--- /dev/null
+++ b/test/units/firstboot-autorelabel.service
@@ -0,0 +1,20 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+[Unit]
+Description=Activate relabelling on firstboot only
+DefaultDependencies=no
+Wants=first-boot-complete.target
+Requires=local-fs.target
+After=local-fs.target
+Conflicts=shutdown.target
+Before=shutdown.target
+Before=first-boot-complete.target sysinit.target autorelabel.service
+ConditionPathIsReadWrite=/etc
+ConditionFirstBoot=yes
+
+[Service]
+ExecStart=touch /.autorelabel
+Type=oneshot
+RemainAfterExit=yes
+
+[Install]
+WantedBy=sysinit.target