Oreon-Lime-R2/selinux-policy/selinux-check-proper-disable.service

16 lines
538 B
SYSTEMD
Raw Normal View History

[Unit]
Description=Check that SELinux is not disabled the unsafe way
ConditionKernelCommandLine=!selinux=0
After=sysinit.target
[Service]
Type=oneshot
EnvironmentFile=/etc/selinux/config
ExecCondition=test "$SELINUX" = disabled
ExecStart=/usr/bin/echo 'SELINUX=disabled in /etc/selinux/config, but no selinux=0 on kernel command line - SELinux may not be fully disabled. Please update bootloader configuration to pass selinux=0 to kernel at boot.'
StandardOutput=journal+console
SyslogLevel=warning
[Install]
WantedBy=multi-user.target