I want to turn on a part of the kernel to make SELinux checking more stringent.

I wrote a systemd unit file to enable it, and to allow a user to disable the
feature if he wants.

# cat /usr/lib/systemd/system/selinux-checkreqprot.service
[Unit]
Description=SELinux check actual protection flags applied by kernel, rather than checking what application requested.

[Service]
Type=oneshot
RemainAfterExit=yes
Environment="CHECKREQPROT=0"
EnvironmentFile=-/etc/selinux/config
ExecStart=/bin/sh -c '/bin/echo $CHECKREQPROT > /sys/fs/selinux/checkreqprot'


I would like to enable this service on the post install of an initial install
of libselinux.  But I believe this will not happen with

%systemd_post_enable selinux-checkreqprot.service

How would I go about doing this?

I know there is one problem in the unit file: it will fail if
/sys/fs/selinux/checkreqprot does not exist.  Is there an easy check to just
exit if this file does not exist?

Also, is using a unit file for this the best way to handle this?
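Added example, not part of the original message and not libselinux's packaged unit: a variant of the unit above that uses systemd's ConditionPathExists= so the service is skipped, rather than marked failed, when the selinuxfs node is absent. The [Install] section and its target are assumptions, since the unit as posted shows none.

```ini
# /usr/lib/systemd/system/selinux-checkreqprot.service (added example)
[Unit]
Description=SELinux check actual protection flags applied by kernel, rather than checking what application requested.
# Skip the unit when the node is missing (SELinux disabled or selinuxfs not
# mounted). A failed condition leaves the unit inactive, not failed.
ConditionPathExists=/sys/fs/selinux/checkreqprot

[Service]
Type=oneshot
RemainAfterExit=yes
# 0 = check the protection the kernel actually applies (the stricter setting).
Environment="CHECKREQPROT=0"
# A CHECKREQPROT= line in this file overrides the default above; the leading
# "-" means a missing file is not an error.
EnvironmentFile=-/etc/selinux/config
ExecStart=/bin/sh -c '/bin/echo $CHECKREQPROT > /sys/fs/selinux/checkreqprot'

[Install]
# Assumption: the posted unit has no [Install] section; without one,
# "systemctl enable" and preset have nothing to link.
WantedBy=multi-user.target
```

On first install the %systemd_post macro runs "systemctl preset" for the unit, so default enablement is decided by a distribution preset line of the form "enable selinux-checkreqprot.service" rather than by the scriptlet itself.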