From e25ca8099f85f8ee22e66631b0d14b6eb612f620 Mon Sep 17 00:00:00 2001
From: Eric Curtin
Date: Tue, 18 Jun 2024 15:06:12 +0100
Subject: [PATCH] remount: ignore ENOENT error during SELinux relabeling

Ignore ENOENT error in selinux_restorecon to avoid failures when temporary files created by systemd-sysusers in /etc are missing during relabeling. This prevents errors such as: "Failed to relabel /etc/.#gshadowJzu4Rx: No such file or directory" and allows the process to continue.

Co-Authored-By: Alexander Larsson
Signed-off-by: Eric Curtin
---
 src/boot/ostree-remount.service | 2 +-
 src/switchroot/ostree-remount.c | 12 +++++++++++-
 2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/src/boot/ostree-remount.service b/src/boot/ostree-remount.service
index 7c0d01a3bb..3a8b4b20d2 100644
--- a/src/boot/ostree-remount.service
+++ b/src/boot/ostree-remount.service
@@ -25,7 +25,7 @@ After=-.mount var.mount
 After=systemd-remount-fs.service
 # But we run *before* most other core bootup services that need write access to /etc and /var
 Before=local-fs.target umount.target
-Before=systemd-random-seed.service plymouth-read-write.service systemd-journal-flush.service
+Before=systemd-random-seed.service plymouth-read-write.service systemd-journal-flush.service systemd-sysusers.service
 Before=systemd-tmpfiles-setup.service systemd-rfkill.service systemd-rfkill.socket
 [Service]
diff --git a/src/switchroot/ostree-remount.c b/src/switchroot/ostree-remount.c
index 497603e9d9..3babb75141 100644
--- a/src/switchroot/ostree-remount.c
+++ b/src/switchroot/ostree-remount.c
@@ -90,8 +90,18 @@ static void
 relabel_dir_for_upper (const char *upper_path, const char *real_path, gboolean is_dir)
 {
 #ifdef HAVE_SELINUX
+ /* Ignore ENOENT, because if there is no file to relabel we can continue,
+ * systemd-sysusers runs in parallel and can create temporary files in /etc
+ * causing failures like:
+ * "Failed to relabel /etc/.#gshadowJzu4Rx: No such file or directory"
+ */
 if (selinux_restorecon (real_path, 0))
- err (EXIT_FAILURE, "Failed to relabel %s", real_path);
+ {
+ if (errno == ENOENT)
+ return;
+ err (EXIT_FAILURE, "Failed to relabel %s", real_path);
+ }
 if (!is_dir)
 return;
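Review bot: The new `if (errno == ENOENT) return;` branch skips the path without leaving any trace, so a boot in which a relabel was skipped looks the same in the journal as one in which every path was relabeled; a `warnx ("Skipping relabel of %s: path vanished", real_path);` before the `return` would keep that auditable. The check also assumes ENOENT can only mean that `real_path` itself disappeared before the `selinux_restorecon` call, which looks plausible for a call with flags `0` but is worth confirming against libselinux, since any other ENOENT source would now leave a path with its old label and no error. The added comment says systemd-sysusers runs in parallel, while the same commit orders the unit `Before=systemd-sysusers.service`; the comment should state that the ENOENT tolerance is a fallback for cases where that ordering is not in effect. The body of `relabel_dir_for_upper` continues past the end of the hunk.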