[Pkg-sysvinit-devel] Bug#580272: sysvinit: Does not load SELinux policy
Petter Reinholdtsen
pere at hungry.com
Wed May 5 19:07:23 UTC 2010
[Martin Orr]
> With sysvinit 2.88dsf-2 there are no such messages and policy is
> never loaded.
Hm, that is nasty. Any idea what is wrong with the relevant code in
src/init.d? The current one look like this:
#ifdef WITH_SELINUX
if (getenv("SELINUX_INIT") == NULL) {
const int rc = mount("proc", "/proc", "proc", 0, 0);
if (is_selinux_enabled() > 0) {
putenv("SELINUX_INIT=YES");
if (rc == 0) umount2("/proc", MNT_DETACH);
if (selinux_init_load_policy(&enforce) == 0) {
execv(myname, argv);
} else {
if (enforce > 0) {
/* SELinux in enforcing mode but load_policy failed */
/* At this point, we probably can't open /dev/console, so log() wo
n't work */
fprintf(stderr,"Unable to load SELinux Policy. Machine is in enfor
cing mode. Halting now.\n");
exit(1);
}
}
}
if (rc == 0) umount2("/proc", MNT_DETACH);
}
#endif
I do not know the selinux stuff myself, so I need help from someone
who can test fixes. :)
Happy hacking,
--
Petter Reinholdtsen
More information about the Pkg-sysvinit-devel
mailing list