AimeeOS/aimee-os
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Allow systemd-tmpfiles to manage all files

Browse Source 
The `systemd_tmpfiles_manage_all` SELinux boolean allows
systemd-tmpfiles to manage any file, not just the (very small) subset
allowed by the default SELinux policy.  Since we're using
systemd-tmpfiles to create directories and subvolumes for our
applications, we need this setting enabled.
This commit is contained in:
Dustin
2023-03-26 12:16:40 -05:00
parent b7f2d22586
commit 5fef6f1665
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
build-rootfs.sh
View File

@@ -97,6 +97,7 @@ fi
unshare -m sh -e <<EOF
mount -o bind /mnt/gentoo/var/lib/selinux /var/lib/selinux
mount -o bind /mnt/gentoo/etc/selinux /etc/selinux
semanage boolean -N -m --on systemd_tmpfiles_manage_all
semanage boolean -N -m --on ssh_sysadm_login
semanage login -N -m -s root root
semanage user -N -m -R sysadm_r root