Add restorecon service
This service runs `restorecon` on `/var` to fix any errant SELinux labels when the system first boots following an update.
This commit is contained in:
@@ -1,5 +1,7 @@
|
|||||||
enable auditd.service
|
enable auditd.service
|
||||||
|
|
||||||
|
enable restorecon.service
|
||||||
|
|
||||||
disable ldconfig.service
|
disable ldconfig.service
|
||||||
|
|
||||||
disable systemd-userdbd.service
|
disable systemd-userdbd.service
|
||||||
|
|||||||
15
overlay/usr/lib/systemd/system/restorecon.service
Normal file
15
overlay/usr/lib/systemd/system/restorecon.service
Normal file
@@ -0,0 +1,15 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=Restore SELinux file contexts in /var
|
||||||
|
ConditionNeedsUpdate=/var
|
||||||
|
DefaultDependencies=no
|
||||||
|
After=local-fs.target
|
||||||
|
Before=sysinit.target
|
||||||
|
Before=systemd-tmpfiles-setup.service
|
||||||
|
Before=systemd-update-done.service
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=oneshot
|
||||||
|
ExecStart=/usr/sbin/restorecon -RFv /var
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=sysinit.target
|
||||||
Reference in New Issue
Block a user