From 04ab8766f41e79b2e59689cc2c6f14c04fff1a8e Mon Sep 17 00:00:00 2001
From: Kyle Gospodnetich
Date: Mon, 22 Jan 2024 22:47:14 -0800
Subject: [PATCH] chore: Use same design as other selinux workarounds
---
 .../systemd/system/incus-workaround.service | 32 ++++++++++++-------
 .../usr/lib/tmpfiles.d/incus-workaround.conf | 3 ++
 2 files changed, 24 insertions(+), 11 deletions(-)
 create mode 100644 system_files/desktop/shared/usr/lib/tmpfiles.d/incus-workaround.conf
diff --git a/system_files/desktop/shared/usr/lib/systemd/system/incus-workaround.service b/system_files/desktop/shared/usr/lib/systemd/system/incus-workaround.service
index e498c97c..f2956bd6 100644
--- a/system_files/desktop/shared/usr/lib/systemd/system/incus-workaround.service
+++ b/system_files/desktop/shared/usr/lib/systemd/system/incus-workaround.service
@@ -1,5 +1,5 @@
 [Unit]
-Description=Workaround SELinux issues with Incus...
+Description=Workaround Incus not having the correct label
 ConditionPathExists=/usr/bin/incus
 ConditionPathExists=/usr/bin/incus-agent
 ConditionPathExists=/usr/lib/incus
@@ -7,16 +7,26 @@ After=local-fs.target
 [Service]
 Type=oneshot
-ExecStart=/usr/bin/mount --bind -o rw /usr/bin/incus /usr/bin/incus
-ExecStart=/usr/bin/mount --bind -o rw /usr/bin/incus-agent /usr/bin/incus-agent
-ExecStart=/usr/bin/mount --bind -o rw /usr/lib/incus /usr/lib/incus
-ExecStart=/usr/sbin/restorecon -R -v /usr/bin/incus
-ExecStart=/usr/sbin/restorecon -R -v /usr/bin/incus-agent
-ExecStart=/usr/sbin/restorecon -R -v /usr/lib/incus
-ExecStart=/usr/bin/umount /usr/bin/incus
-ExecStart=/usr/bin/umount /usr/bin/incus-agent
-ExecStart=/usr/bin/umount /usr/lib/incus
-RemainAfterExit=true
+# Copy if it doesn't exist
+ExecStartPre=/usr/bin/bash -c "[ -x /usr/local/bin/.incus ] || /usr/bin/cp $(readlink /usr/bin/incus) /usr/local/bin/.incus"
+ExecStartPre=/usr/bin/bash -c "[ -x /usr/local/bin/.incus-agent ] || /usr/bin/cp $(readlink /usr/bin/incus-agent) /usr/local/bin/.incus-agent"
+ExecStartPre=/usr/bin/bash -c "[ -d /usr/local/lib/.incus ] || /usr/bin/cp -r /usr/lib/incus /usr/local/lib/.incus"
+# This is faster than using .mount unit. Also allows for the previous line/cleanup
+ExecStartPre=/usr/bin/mount --bind /usr/local/bin/.incus /usr/bin/incus
+ExecStartPre=/usr/bin/mount --bind /usr/local/bin/.incus-agent /usr/bin/incus-agent
+ExecStartPre=/usr/bin/mount --bind /usr/local/lib/.incus /usr/lib/incus
+# Fix SELinux label
+ExecStart=/usr/sbin/restorecon -R /usr/bin/incus
+ExecStart=/usr/sbin/restorecon -R /usr/bin/incus-agent
+ExecStart=/usr/sbin/restorecon -R /usr/lib/incus
+# Clean-up after ourselves
+ExecStop=/usr/bin/umount /usr/bin/incus
+ExecStop=/usr/bin/umount /usr/bin/incus-agent
+ExecStop=/usr/bin/umount /usr/lib/incus
+ExecStop=/usr/bin/rm -r /usr/local/bin/.incus
+ExecStop=/usr/bin/rm -r /usr/local/bin/.incus-agent
+ExecStop=/usr/bin/rm -r /usr/local/lib/.incus
+RemainAfterExit=yes
 [Install]
 WantedBy=multi-user.target
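Review bot: The three copy guards (`[ -x /usr/local/bin/.incus ] || …`, and likewise for `.incus-agent` and `/usr/local/lib/.incus`) only test that a copy exists, so a copy left behind when the `ExecStop=` cleanup did not run (unclean shutdown, or an earlier `umount` failing) is bind-mounted over `/usr/bin/incus` as-is; if `/usr/local` persists across image updates, that would keep an outdated Incus binary in place of the updated one. Comparing content rather than existence closes this for the two binaries, e.g. `ExecStartPre=/usr/bin/bash -c "/usr/bin/cmp -s /usr/bin/incus /usr/local/bin/.incus || /usr/bin/cp /usr/bin/incus /usr/local/bin/.incus"`, which also drops the unquoted `$(readlink …)` that yields an empty path when the target is not a symlink and a relative one when the link is relative. The directory copy needs an equivalent freshness check. A comment above the mounts should also state that the writable copy exists only so `restorecon` can relabel it, since the file bind-mounted over the image's `/usr` path is then whatever sits in `/usr/local`.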
diff --git a/system_files/desktop/shared/usr/lib/tmpfiles.d/incus-workaround.conf b/system_files/desktop/shared/usr/lib/tmpfiles.d/incus-workaround.conf
new file mode 100644
index 00000000..57172994
--- /dev/null
+++ b/system_files/desktop/shared/usr/lib/tmpfiles.d/incus-workaround.conf
@@ -0,0 +1,3 @@
+C /usr/local/bin/.incus - - - - /usr/bin/incus
+C /usr/local/bin/.incus-agent - - - - /usr/bin/incus-agent
+C /usr/local/lib/.incus - - - - /usr/lib/incus
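Review bot: These `C` entries duplicate the copy step in incus-workaround.service's `ExecStartPre=` lines and, like them, act only when the destination is missing, so whichever runs first decides what gets bind-mounted and nothing in the file says which is intended. A header comment such as `# Seed writable copies for incus-workaround.service (removed again by its ExecStop=)` would document the coupling. The unit resolves `/usr/bin/incus` with `readlink`, which suggests it is a symlink; it is worth confirming that `C` copies the link target rather than the link itself, since a copied link would presumably make the bind mount point back at the original file and leave nothing writable to relabel.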