From: Eric Curtin Date: Tue, 18 Jun 2024 14:06:12 +0000 (+0100) Subject: remount: ignore ENOENT error during SELinux relabeling X-Git-Tag: archive/raspbian/2024.8-1+rpi1^2~7^2~1^2~9^2 X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=e25ca8099f85f8ee22e66631b0d14b6eb612f620;p=ostree.git remount: ignore ENOENT error during SELinux relabeling Ignore ENOENT error in selinux_restorecon to avoid failures when temporary files created by systemd-sysusers in /etc are missing during relabeling. This prevents errors such as: "Failed to relabel /etc/.#gshadowJzu4Rx: No such file or directory" and allows the process to continue. Co-Authored-By: Alexander Larsson Signed-off-by: Eric Curtin --- diff --git a/src/boot/ostree-remount.service b/src/boot/ostree-remount.service index 7c0d01a3..3a8b4b20 100644 --- a/src/boot/ostree-remount.service +++ b/src/boot/ostree-remount.service @@ -25,7 +25,7 @@ After=-.mount var.mount After=systemd-remount-fs.service # But we run *before* most other core bootup services that need write access to /etc and /var Before=local-fs.target umount.target -Before=systemd-random-seed.service plymouth-read-write.service systemd-journal-flush.service +Before=systemd-random-seed.service plymouth-read-write.service systemd-journal-flush.service systemd-sysusers.service Before=systemd-tmpfiles-setup.service systemd-rfkill.service systemd-rfkill.socket [Service] diff --git a/src/switchroot/ostree-remount.c b/src/switchroot/ostree-remount.c index 497603e9..3babb751 100644 --- a/src/switchroot/ostree-remount.c +++ b/src/switchroot/ostree-remount.c @@ -90,8 +90,18 @@ static void relabel_dir_for_upper (const char *upper_path, const char *real_path, gboolean is_dir) { #ifdef HAVE_SELINUX + /* Ignore ENOENT, because if there is no file to relabel we can continue, + * systemd-sysusers runs in parallel and can create temporary files in /etc + * causing failures like: + * "Failed to relabel /etc/.#gshadowJzu4Rx: No such file or directory" + */ if (selinux_restorecon (real_path, 0)) - err (EXIT_FAILURE, "Failed to relabel %s", real_path); + { + if (errno == ENOENT) + return; + + err (EXIT_FAILURE, "Failed to relabel %s", real_path); + } if (!is_dir) return;