More from Jan Kiszka: this is a port of the latest sysv-init SELinux patch.
It makes busybox invoke the libselinux library function to load the binary policy right at system start-up. It was successfully tested on a mini-SELinux system. Note: requires recent libselinux. I'm using 1.28.
parent
d1f8c1c125
commit
b3ede5abe2
21
init/init.c
21
init/init.c
@ -39,6 +39,11 @@
|
||||
#endif
|
||||
|
||||
|
||||
#ifdef CONFIG_SELINUX
|
||||
# include <selinux/selinux.h>
|
||||
#endif /* CONFIG_SELINUX */
|
||||
|
||||
|
||||
#define INIT_BUFFS_SIZE 256
|
||||
|
||||
/* From <linux/vt.h> */
|
||||
@ -1097,6 +1102,22 @@ int init_main(int argc, char **argv)
|
||||
parse_inittab();
|
||||
}
|
||||
|
||||
#ifdef CONFIG_SELINUX
|
||||
if (getenv("SELINUX_INIT") == NULL) {
|
||||
int enforce = 0;
|
||||
|
||||
putenv("SELINUX_INIT=YES");
|
||||
if (selinux_init_load_policy(&enforce) == 0) {
|
||||
execv(argv[0], argv);
|
||||
} else if (enforce > 0) {
|
||||
/* SELinux in enforcing mode but load_policy failed */
|
||||
/* At this point, we probably can't open /dev/console, so log() won't work */
|
||||
message(CONSOLE,"Unable to load SELinux Policy. Machine is in enforcing mode. Halting now.");
|
||||
exit(1);
|
||||
}
|
||||
}
|
||||
#endif /* CONFIG_SELINUX */
|
||||
|
||||
/* Make the command line just say "init" -- thats all, nothing else */
|
||||
fixup_argv(argc, argv, "init");
|
||||
|
||||
|
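Review bot: A failed `execv(argv[0], argv)` in the `selinux_init_load_policy(&enforce) == 0` branch is silently ignored: execv returns only on error, and control then falls through to `fixup_argv` with the policy loaded but init never re-executed, so it presumably keeps running in the context it had before the load. Because execv does not search PATH, this can happen whenever argv[0] is not a usable path. I would report the failure and fail closed when enforcing, for example `message(CONSOLE, "Re-exec of init after SELinux policy load failed.");` followed by `if (enforce > 0) exit(1);` directly after the execv call. The `getenv("SELINUX_INIT")` guard also deserves a comment such as `/* SELINUX_INIT marks the re-exec'd instance so the policy is loaded only once; it is an inherited environment variable, so a pre-set value skips the load */`. init_main starts and ends outside the hunk.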