|
| From: | Martin Orr |
| Subject: | [sysvinit-devel] Re: [Pkg-sysvinit-devel] Bug#580272: sysvinit 2.88 and SELinux policy |
| Date: | Wed, 12 May 2010 23:18:21 +0100 |
| User-agent: | Internet Messaging Program (IMP) H3 (4.0.5) |
On Wed 12 May 13:17:46 2010, Petter Reinholdtsen wrote:
[Michal Svoboda]And why we want that? Because the function checks if we already have a policy loaded in the kernel. 1 means yes, 0 means no and -1 means no as well. No need to mess with mounting /proc ;-)Can you test this patch and let me know if it work?
This patch works for me, and so far as I understand things it should cover all the cases (no initrd, non-SELinux aware initrd, initrd that loads SELinux policy) though I only tested the non-SELinux aware initrd case.
Thanks, Martin Orr
Index: src/init.c
===================================================================
--- src/init.c (revision 1888)
+++ src/init.c (working copy)
@@ -54,10 +54,6 @@
#ifdef WITH_SELINUX
# include <selinux/selinux.h>
-# include <sys/mount.h>
-# ifndef MNT_DETACH /* present in glibc 2.10, missing in 2.7 */
-# define MNT_DETACH 2
-# endif
#endif
#ifdef __i386__
@@ -2869,11 +2865,9 @@
#ifdef WITH_SELINUX
if (getenv("SELINUX_INIT") == NULL) {
- const int rc = mount("proc", "/proc", "proc", 0, 0);
- if (is_selinux_enabled() > 0) {
- putenv("SELINUX_INIT=YES");
- if (rc == 0) umount2("/proc", MNT_DETACH);
+ if (is_selinux_enabled() != 1) {
if (selinux_init_load_policy(&enforce) == 0) {
+ putenv("SELINUX_INIT=YES");
execv(myname, argv);
} else {
if (enforce > 0) {
@@ -2884,7 +2878,6 @@
}
}
}
- if (rc == 0) umount2("/proc", MNT_DETACH);
}
#endif
/* Start booting. */
| [Prev in Thread] | Current Thread | [Next in Thread] |