fixes for release package #1889
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Ben Cressey <bcressey@amazon.com>
jpculp
approved these changes
Jan 4, 2022
cbgbt
approved these changes
Jan 5, 2022
In order for `setfiles` to work, the SELinux file contexts must have been copied into `/etc`. The dependency is specified with "Wants" rather than "Requires" to avoid restarting the service if selinux-policy-files is restarted for any reason. Subsequent runs would fail and put the system in a bad state until the next reboot. Add RefuseManualStop / RefuseManualStart to both services to indicate the risk during interactive use by an administrator. Signed-off-by: Ben Cressey <bcressey@amazon.com>
bcressey
force-pushed
the
release-fixes
branch
from
1222cfc to
f793284
Compare
|
The above change switches to I've also added |
jpculp
approved these changes
Jan 6, 2022
webern
approved these changes
Jan 6, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Issue number:
N/A
Description of changes:
Make
prepare-local.servicedepend onselinux-policy-files.service, since otherwise thesetfilescommand can fail if the file contexts haven't been copied yet. I've only seen this on a system that was failing to boot for other reasons, but in theory it could affect the most recent release.Simplify the default target symlink, which was flagged by the
symlinkstool while troubleshooting broken symlinks for the systemd upgrade.Testing done:
Verified that the new dependency was used for
prepare-local.service.Verified that the simplified symlink was correct for
default.target.Verified that the two services can't be manually restarted:
Terms of contribution:
By submitting this pull request, I agree that this contribution is dual-licensed under the terms of both the Apache License, version 2.0, and the MIT license.