[Unit]
Description=Reset SELinux policy to factory default
DefaultDependencies=no
Requires=local-fs.target
Conflicts=shutdown.target
After=local-fs.target
Before=sysinit.target shutdown.target
ConditionSecurity=selinux
ConditionKernelCommandLine=|selinux-factory-reset
ConditionPathExists=|!/var/lib/selinux/%I/active/policy.kern
[Service]
ExecStart=/usr/libexec/selinux/selinux-factory-reset %I
Type=oneshot
TimeoutSec=0
RemainAfterExit=yes
StandardInput=tty