[Pkg-sysvinit-devel] Bug#580272: sysvinit: Does not load SELinux policy

Petter Reinholdtsen pere at hungry.com
Wed May 5 19:07:23 UTC 2010


[Martin Orr]
> With sysvinit 2.88dsf-2 there are no such messages and policy is
> never loaded.

Hm, that is nasty.  Any idea what is wrong with the relevant code in
src/init.d?  The current one looks like this:

#ifdef WITH_SELINUX
        if (getenv("SELINUX_INIT") == NULL) {
          const int rc = mount("proc", "/proc", "proc", 0, 0);
          if (is_selinux_enabled() > 0) {
            putenv("SELINUX_INIT=YES");
            if (rc == 0) umount2("/proc", MNT_DETACH);
            if (selinux_init_load_policy(&enforce) == 0) {
              execv(myname, argv);
            } else {
              if (enforce > 0) {
                /* SELinux in enforcing mode but load_policy failed */
                /* At this point, we probably can't open /dev/console, so log() won't work */
                fprintf(stderr,"Unable to load SELinux Policy. Machine is in enforcing mode. Halting now.\n");
                exit(1);
              }
            }
          }
          if (rc == 0) umount2("/proc", MNT_DETACH);
        }
#endif

I do not know the selinux stuff myself, so I need help from someone
who can test fixes. :)

Happy hacking,
-- 
Petter Reinholdtsen




