[Pkg-sysvinit-devel] Bug#580272: Bug#580272: sysvinit 2.88 and SELinux policy

Martin Orr martin at martinorr.name
Wed May 12 22:18:21 UTC 2010


On Wed 12 May 13:17:46 2010, Petter Reinholdtsen wrote:

> [Michal Svoboda]
>> And why do we want that? Because the function checks if we already have
>> a policy loaded in the kernel. 1 means yes, 0 means no and -1 means
>> no as well. No need to mess with mounting /proc ;-)
>
> Can you test this patch and let me know if it works?

This patch works for me, and so far as I understand things it should 
cover all the cases (no initrd, non-SELinux aware initrd, initrd that 
loads SELinux policy) though I only tested the non-SELinux aware initrd 
case.

Thanks,
Martin Orr

> Index: src/init.c
> ===================================================================
> --- src/init.c  (revision 1888)
> +++ src/init.c  (working copy)
> @@ -54,10 +54,6 @@
>
>  #ifdef WITH_SELINUX
>  #  include <selinux/selinux.h>
> -#  include <sys/mount.h>
> -#  ifndef MNT_DETACH /* present in glibc 2.10, missing in 2.7 */
> -#    define MNT_DETACH 2
> -#  endif
>  #endif
>
>  #ifdef __i386__
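
Review bot: With <sys/mount.h> and the MNT_DETACH fallback gone from the WITH_SELINUX block, any mount() or umount2() call left in src/init.c would lose its declaration. The later hunks remove the three calls visible in this patch, but it is worth grepping the rest of the file to confirm none remain before committing.
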
> @@ -2869,11 +2865,9 @@
>
>  #ifdef WITH_SELINUX
>         if (getenv("SELINUX_INIT") == NULL) {
> -         const int rc = mount("proc", "/proc", "proc", 0, 0);
> -         if (is_selinux_enabled() > 0) {
> -           putenv("SELINUX_INIT=YES");
> -           if (rc == 0) umount2("/proc", MNT_DETACH);
> +         if (is_selinux_enabled() != 1) {
>             if (selinux_init_load_policy(&enforce) == 0) {
> +             putenv("SELINUX_INIT=YES");
>               execv(myname, argv);
>             } else {
>               if (enforce > 0) {
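
Review bot: The new test "is_selinux_enabled() != 1" sends both the 0 and the -1 return down the policy-load path, which matches the explanation quoted at the top of this mail but is not obvious from the code alone; a one-line comment above the condition stating that anything other than 1 is treated as "no policy loaded yet" would document the intent. Separately, the return of execv(myname, argv) is still unchecked: if the re-exec fails, init falls through with the policy loaded and SELINUX_INIT=YES now set in its environment, so reporting the failure at that point would be a useful addition.
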
> @@ -2884,7 +2878,6 @@
>               }
>             }
>           }
> -         if (rc == 0) umount2("/proc", MNT_DETACH);
>         }
>  #endif
>         /* Start booting. */








