fd69433 Add a systemd service to check that SELinux is disabled properly

2 files Authored by omos 2 years ago, Committed by zpytela 2 years ago,
    Add a systemd service to check that SELinux is disabled properly
    
    As an additional sanity check to support the removal of runtime
    disabling of SELinux [1], add a simple oneshot service to the
    selinux-policy package that will print a warning to system journal when
    it detects on boot that the system has been booted with SELINUX=disabled
    in /etc/selinux/config, but without selinux=0 on the kernel command
    line.
    
    Note that as per [2], in order for the service to be enabled by default,
    it needs to be added to the Fedora presets.
    
    [1] https://fedoraproject.org/wiki/Changes/Remove_Support_For_SELinux_Runtime_Disable
    [2] https://docs.fedoraproject.org/en-US/packaging-guidelines/DefaultServices/#_how_to_enable_a_service_by_default
    
    Signed-off-by: Ondrej Mosnacek <omosnace@redhat.com>
    
        
file modified
+12 -0