systemd-sysusers: change execution order

systemd-sysusers might run while the /etc tmpfs filesystem is still being set up, which results on failures on the service when it tries to read SELinux configuration files. With this change, systemd-sysusers is forced to run after the required SELinux configuration files are in place. Signed-off-by: Arnaldo Garcia Rincon <[email protected]>
bottlerocket-os · Jan 20, 2024 · 0a1425e · 0a1425e
1 parent 7452c37
commit 0a1425e
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 0 deletions.
diff --git a/packages/systemd/systemd-sysusers.conf b/packages/systemd/systemd-sysusers.conf
@@ -0,0 +1,2 @@
+[Unit]
+After=selinux-policy-files.service
diff --git a/packages/systemd/systemd.spec b/packages/systemd/systemd.spec
@@ -13,6 +13,7 @@ Source2: systemd-modules-load.conf
 Source3: journald.conf
 Source4: issue
 Source5: systemd-journald.conf
+Source6: systemd-sysusers.conf
 
 # Backport of upstream patches that make the netlink default timeout
 # configurable.  Bottlerocket carries this patch and configures the timeout in
@@ -302,6 +303,9 @@ install -p -m 0644 %{S:3} %{buildroot}%{_cross_libdir}/systemd/journald.conf.d/j
 install -d %{buildroot}%{_cross_unitdir}/systemd-journald.service.d
 install -p -m 0644 %{S:5} %{buildroot}%{_cross_unitdir}/systemd-journald.service.d/systemd-journald.conf
 
+install -d %{buildroot}%{_cross_unitdir}/systemd-sysusers.service.d
+install -p -m 0644 %{S:6} %{buildroot}%{_cross_unitdir}/systemd-sysusers.service.d/systemd-sysusers.conf
+
 # Remove all stock network configurations, as they can interfere
 # with container networking by attempting to manage veth devices.
 rm -f %{buildroot}%{_cross_libdir}/systemd/network/*