diff options
Diffstat (limited to 'meta-agl-core/dynamic-layers/meta-selinux/recipes-core/systemd')
3 files changed, 49 insertions, 0 deletions
diff --git a/meta-agl-core/dynamic-layers/meta-selinux/recipes-core/systemd/files/systemd-selinux-relabel.service b/meta-agl-core/dynamic-layers/meta-selinux/recipes-core/systemd/files/systemd-selinux-relabel.service new file mode 100644 index 000000000..b8d394068 --- /dev/null +++ b/meta-agl-core/dynamic-layers/meta-selinux/recipes-core/systemd/files/systemd-selinux-relabel.service @@ -0,0 +1,12 @@ +[Unit] +Description=Generated file SELinux relabeling +DefaultDependencies=no +After=local-fs.target systemd-machine-id-commit.service +Before=sysinit.target + +[Service] +Type=oneshot +ExecStart=/usr/sbin/systemd-selinux-relabel.sh + +[Install] +WantedBy=sysinit.target diff --git a/meta-agl-core/dynamic-layers/meta-selinux/recipes-core/systemd/files/systemd-selinux-relabel.sh b/meta-agl-core/dynamic-layers/meta-selinux/recipes-core/systemd/files/systemd-selinux-relabel.sh new file mode 100644 index 000000000..b2557a8d6 --- /dev/null +++ b/meta-agl-core/dynamic-layers/meta-selinux/recipes-core/systemd/files/systemd-selinux-relabel.sh @@ -0,0 +1,12 @@ +#!/bin/sh + +# Update labels on files generated on first boot. +/usr/sbin/restorecon -FRi /etc/systemd /etc/machine-id +if [ $? -eq 0 ]; then + # Disable parent service + # NOTE: The service does not use the first boot functionality + # in systemd as /etc/machine-id is not writeable until + # after it is complete. + systemctl disable systemd-selinux-relabel.service +fi +exit 0 diff --git a/meta-agl-core/dynamic-layers/meta-selinux/recipes-core/systemd/systemd-selinux-relabel_1.0.bb b/meta-agl-core/dynamic-layers/meta-selinux/recipes-core/systemd/systemd-selinux-relabel_1.0.bb new file mode 100644 index 000000000..7e4f9783c --- /dev/null +++ b/meta-agl-core/dynamic-layers/meta-selinux/recipes-core/systemd/systemd-selinux-relabel_1.0.bb @@ -0,0 +1,25 @@ +SUMMARY = "System unit to relabel systemd generated files" +LICENSE = "MIT" +LIC_FILES_CHKSUM = "file://${COMMON_LICENSE_DIR}/MIT;md5=0835ade698e0bcf8506ecda2f7b4f302" + +SRC_URI = "file://systemd-selinux-relabel.service \ + file://systemd-selinux-relabel.sh \ +" + +inherit systemd allarch features_check + +SYSTEMD_SERVICE:${PN} = "${BPN}.service" + +REQUIRED_DISTRO_FEATURES = "systemd" + +do_configure[noexec] = "1" +do_compile[noexec] = "1" + +do_install() { + install -d ${D}${systemd_system_unitdir} + install -m 0644 ${WORKDIR}/systemd-selinux-relabel.service ${D}${systemd_system_unitdir}/ + install -d ${D}${sbindir} + install -m 0755 ${WORKDIR}/systemd-selinux-relabel.sh ${D}${sbindir}/ +} + +FILES:${PN} += "${systemd_system_unitdir}" |