remount: ignore ENOENT error during SELinux relabeling

Ignore ENOENT error in selinux_restorecon to avoid failures when temporary files created by systemd-sysusers in /etc are missing during relabeling. This prevents errors such as: "Failed to relabel /etc/.#gshadowJzu4Rx: No such file or directory" and allows the process to continue. Co-Authored-By: Alexander Larsson <[email protected]> Signed-off-by: Eric Curtin <[email protected]>
ostreedev · Jun 18, 2024 · e25ca80 · e25ca80
1 parent 8f559e9
commit e25ca80
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 2 deletions.
diff --git a/src/boot/ostree-remount.service b/src/boot/ostree-remount.service
@@ -25,7 +25,7 @@ After=-.mount var.mount
 After=systemd-remount-fs.service
 # But we run *before* most other core bootup services that need write access to /etc and /var
 Before=local-fs.target umount.target
-Before=systemd-random-seed.service plymouth-read-write.service systemd-journal-flush.service
+Before=systemd-random-seed.service plymouth-read-write.service systemd-journal-flush.service systemd-sysusers.service
 Before=systemd-tmpfiles-setup.service systemd-rfkill.service systemd-rfkill.socket
 
 [Service]

diff --git a/src/switchroot/ostree-remount.c b/src/switchroot/ostree-remount.c
@@ -90,8 +90,18 @@ static void
 relabel_dir_for_upper (const char *upper_path, const char *real_path, gboolean is_dir)
 {
 #ifdef HAVE_SELINUX
+  /* Ignore ENOENT, because if there is no file to relabel we can continue,
+   * systemd-sysusers runs in parallel and can create temporary files in /etc
+   * causing failures like:
+   * "Failed to relabel /etc/.#gshadowJzu4Rx: No such file or directory"
+   */
   if (selinux_restorecon (real_path, 0))
-    err (EXIT_FAILURE, "Failed to relabel %s", real_path);
+    {
+      if (errno == ENOENT)
+        return;
+
+      err (EXIT_FAILURE, "Failed to relabel %s", real_path);
+    }
 
   if (!is_dir)
     return;