test: Integrate custom selinux relabelling unit with firstboot

2024-07-22 18:55:10 +00:00 · 2024-04-05 17:47:17 +01:00 · 2024-04-05 17:47:17 +01:00 · a2a734e737
parent 049b456d9a
commit a2a734e737
2 changed files with 28 additions and 3 deletions
--- a/test/units/autorelabel.service
+++ b/test/units/autorelabel.service
@ -3,9 +3,14 @@
 Description=Relabel all filesystems
 DefaultDependencies=no
 Requires=local-fs.target
-Conflicts=shutdown.target
 After=local-fs.target
-Before=sysinit.target shutdown.target
+Conflicts=shutdown.target
+Before=shutdown.target
+Before=multi-user.target
+# Needs to access /var, which may not have been populated yet
+After=systemd-tmpfiles-setup.service
+# Must wait for systemd-machine-id-commit or firstboot-autorelabel will reactivate autorelabel
+After=systemd-machine-id-commit.service
 ConditionSecurity=selinux
 ConditionPathExists=|/.autorelabel

@ -16,4 +21,4 @@ TimeoutSec=infinity
 RemainAfterExit=yes

 [Install]
-WantedBy=basic.target
+WantedBy=multi-user.target
--- a/test/units/firstboot-autorelabel.service
+++ b/test/units/firstboot-autorelabel.service
@ -0,0 +1,20 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+[Unit]
+Description=Activate relabelling on firstboot only
+DefaultDependencies=no
+Wants=first-boot-complete.target
+Requires=local-fs.target
+After=local-fs.target
+Conflicts=shutdown.target
+Before=shutdown.target
+Before=first-boot-complete.target sysinit.target autorelabel.service
+ConditionPathIsReadWrite=/etc
+ConditionFirstBoot=yes
+
+[Service]
+ExecStart=touch /.autorelabel
+Type=oneshot
+RemainAfterExit=yes
+
+[Install]
+WantedBy=sysinit.target