Blame selinux-check-proper-disable.service
Branch: c9s-sig-hyperscale
Ondrej Mosnacek
fd6943
[Unit]
Ondrej Mosnacek
fd6943
Description=Check that SELinux is not disabled the unsafe way
Ondrej Mosnacek
fd6943
ConditionKernelCommandLine=!selinux=0
Ondrej Mosnacek
fd6943
After=sysinit.target
Ondrej Mosnacek
fd6943
Ondrej Mosnacek
fd6943
[Service]
Ondrej Mosnacek
fd6943
Type=oneshot
Ondrej Mosnacek
fd6943
EnvironmentFile=/etc/selinux/config
Ondrej Mosnacek
fd6943
ExecCondition=test "$SELINUX" = disabled
Ondrej Mosnacek
fd6943
ExecStart=/usr/bin/echo 'SELINUX=disabled in /etc/selinux/config, but no selinux=0 on kernel command line - SELinux may not be fully disabled. Please update bootloader configuration to pass selinux=0 to kernel at boot.'
Ondrej Mosnacek
fd6943
StandardOutput=journal+console
Ondrej Mosnacek
fd6943
SyslogLevel=warning
Ondrej Mosnacek
fd6943
Ondrej Mosnacek
fd6943
[Install]
Ondrej Mosnacek
fd6943
WantedBy=multi-user.target