| Message ID | 20260126153729.2758442-2-u.kleine-koenig@baylibre.com |
|---|---|
| State | New |
| Headers | show |
| Series | [meta-selinux] systemd: Explain background of creating /var/lib/systemd/backlight | expand |
On 1/26/26 23:37, "Uwe Kleine-König wrote: > The reasoning is taken from commit 5d203f903979 ("systemd: create > /var/lib/systemd/backlight in advance"). > --- > recipes-core/systemd/systemd_selinux.inc | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/recipes-core/systemd/systemd_selinux.inc b/recipes-core/systemd/systemd_selinux.inc > index 7d466ee608c8..4eb7194444d2 100644 > --- a/recipes-core/systemd/systemd_selinux.inc > +++ b/recipes-core/systemd/systemd_selinux.inc > @@ -1,5 +1,11 @@ > inherit enable-selinux enable-audit > > +# The systemd-backlight@.service which is called after selinux-init.service > +# will create /var/lib/systemd/backlight with incorrect security labels, > +# this causes the systemd-backlight service to fail to start and to stop. > +# > +# Creating /var/lib/systemd/backlight in advance to make sure it could > +# always be relabelled by selinux-init while first booting. > do_install:append() { > if ${@bb.utils.contains('PACKAGECONFIG', 'backlight', 'true', 'false', d)}; then > install -d ${D}${localstatedir}/lib/systemd/backlight This file has been removed in commit: https://git.yoctoproject.org/meta-selinux/commit/?id=4507f3ad747c7507611d718d10c7da8bd602660e //Yi > > base-commit: 1db6bf1b573b9c908752602c1e2b6a30368da3b7
diff --git a/recipes-core/systemd/systemd_selinux.inc b/recipes-core/systemd/systemd_selinux.inc index 7d466ee608c8..4eb7194444d2 100644 --- a/recipes-core/systemd/systemd_selinux.inc +++ b/recipes-core/systemd/systemd_selinux.inc @@ -1,5 +1,11 @@ inherit enable-selinux enable-audit +# The systemd-backlight@.service which is called after selinux-init.service +# will create /var/lib/systemd/backlight with incorrect security labels, +# this causes the systemd-backlight service to fail to start and to stop. +# +# Creating /var/lib/systemd/backlight in advance to make sure it could +# always be relabelled by selinux-init while first booting. do_install:append() { if ${@bb.utils.contains('PACKAGECONFIG', 'backlight', 'true', 'false', d)}; then install -d ${D}${localstatedir}/lib/systemd/backlight
The reasoning is taken from commit 5d203f903979 ("systemd: create /var/lib/systemd/backlight in advance"). --- recipes-core/systemd/systemd_selinux.inc | 6 ++++++ 1 file changed, 6 insertions(+) base-commit: 1db6bf1b573b9c908752602c1e2b6a30368da3b7