Post by John Reiser
If systemd is running as the init process on a system that uses selinux,
then mysterious bad things are likely to happen if the selinux context
So, I'd like to see systemd diagnose this situation. Please comment,
and give a hint about where and how to implement such an enhancement.
When initializing systemd uses the label to figure out whether selinux
still needs initialization. See:
Hence, if we see the label isn't "kernel", then we won't do any
further initialization under the assumption it already has been done.
Any debugging code would have to be added to a similar location
It would actually be great if the selinux libraries would return
proper errors. Currently, we can't generate much useful output since
we have no idea what selinux failed on, as its APIs generally just
return "-1" on failure and "0" on success without any further hint
what went wrong... Actually, for a professional project that's kinda
poor error handling in general...
(That said, maybe they actually do report proper errors these days, but
if they do then that fact is still pretty much undocumented, which
means we still can't rely on using errno or such...)
Lennart Poettering, Red Hat
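
The label check described in the reply, as an added diagnostic sketch that is not systemd's own code and not part of the original thread. The function names and the enum are hypothetical, and the path /proc/self/attr/current is an assumption about where the process label is read from on Linux; the caller gets errno back when the read itself fails, so the failure can be logged.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

enum policy_state { POLICY_NOT_LOADED, POLICY_ALREADY_LOADED, POLICY_UNKNOWN };

/* "kernel" is the label seen before any policy load; any other non-empty
 * label is taken to mean initialization has already been done. */
enum policy_state classify_label(const char *label) {
    if (label == NULL || label[0] == '\0')
        return POLICY_UNKNOWN;
    return strcmp(label, "kernel") == 0 ? POLICY_NOT_LOADED : POLICY_ALREADY_LOADED;
}

/* Read the label from attr_path into label[len]. On an I/O failure return
 * POLICY_UNKNOWN and store errno in *err so the caller can log the cause. */
enum policy_state check_label_file(const char *attr_path, char *label, size_t len, int *err) {
    FILE *f;
    size_t n;

    *err = 0;
    if (len == 0) { *err = EINVAL; return POLICY_UNKNOWN; }
    label[0] = '\0';
    f = fopen(attr_path, "r");
    if (f == NULL) { *err = errno; return POLICY_UNKNOWN; }
    errno = 0;
    n = fread(label, 1, len - 1, f);
    if (ferror(f)) {
        *err = errno ? errno : EIO;
        fclose(f);
        label[0] = '\0';
        return POLICY_UNKNOWN;
    }
    fclose(f);
    label[n] = '\0';
    label[strcspn(label, "\n")] = '\0';   /* tolerate a trailing newline */
    return classify_label(label);
}

int main(void) {
    static const char *names[] = { "not loaded", "already loaded", "unknown" };
    char label[256];
    int err;
    /* Assumed path: the calling process's own SELinux context on Linux. */
    enum policy_state s = check_label_file("/proc/self/attr/current", label, sizeof label, &err);
    printf("label=\"%s\" policy=%s errno=%d (%s)\n", label, names[s], err, err ? strerror(err) : "none");
    return 0;
}
```

A label other than "kernel" is reported as "already loaded" even when nothing loaded a policy on purpose, which is the case the original post asks to have diagnosed.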