Re: [systemd-devel] offline updates

2015-07-21 Thread Will Woods
On Tue, 2015-07-21 at 03:27 +, Zbigniew Jędrzejewski-Szmek wrote: fedup-system-upgrade.service uses an additional flag file which is checked with ConditionPathExists so it will not run if 'dnf fedup reboot' did not create the flag, even if we go into system-upgrade.target.

[systemd-devel] [PATCH] selinux: fix SEGV during switch-root if SELinux policy loaded

2015-03-13 Thread Will Woods
If you've got SELinux policy loaded, label_hnd is your labeling handle. When systemd is shutting down, we free that handle via mac_selinux_finish(). But: switch_root() calls mkdir_p_label(), which tries to look up a label using that freed handle, and so we get a bunch of garbage and eventually

Re: [systemd-devel] [PATCH] core: let selinux_setup() load policy more than once

2014-04-28 Thread Will Woods
On Fri, 2014-04-25 at 18:26 -0400, Will Woods wrote: Currently, systemd refuses to load SELinux policy more than once. Normal systems don't care, because they either: a) have initramfs without policy, then load policy after switch-root, or b) load policy in initramfs, and never switch-root

[systemd-devel] [PATCH] core: let selinux_setup() load policy more than once

2014-04-25 Thread Will Woods
Hey all, Currently, systemd refuses to load SELinux policy more than once. Normal systems don't care, because they either: a) have initramfs without policy, then load policy after switch-root, or b) load policy in initramfs, and never switch-root out. But if you *do* switch-root more than once

[systemd-devel] [PATCH 1/2] core: reindent {selinux, ima, smack}-setup.c

2014-04-25 Thread Will Woods
7-space indentation is just too weird to leave alone. Make it 8 spaces, as per CODING_STYLE. No other changes. --- src/core/ima-setup.c | 110 +- src/core/selinux-setup.c | 152 +++ 2 files changed, 131 insertions(+),

[systemd-devel] [PATCH 2/2] core: let selinux_setup() load policy more than once

2014-04-25 Thread Will Woods
When you switch-root into a new root that has SELinux policy, you're supposed to run selinux_init_load_policy() to set up SELinux and load policy. Normally this gets handled by selinux_setup(). But if SELinux was already initialized, selinux_setup() skips loading policy and returns 0. So if

Re: [systemd-devel] [PATCH] selinux: Only attempt to load policy exactly once, in the real root

2014-04-04 Thread Will Woods
On Thu, 2014-02-20 at 18:17 +, Colin Walters wrote: I think both of these (particularly the second) are worse than my patch - we don't (to my knowledge) support putting policy in the initramfs now with Fedora or Red Hat Enterprise Linux, so attempting to find it there by default on every

[systemd-devel] [PATCH] mount: make sure m->where is set before unit_add_exec_dependencies()

2012-10-16 Thread Will Woods
If you enter unit_add_exec_dependencies with m->where = NULL, you'll very likely end up aborting somewhere under socket_needs_mount. (When systemd goes to check to see if the journald socket requires your mount, it'll do path_startswith(path, m->where)... *kaboom*) This patch should ensure that: