emo/openrc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

openrc-init: add SELinux support

Browse Source 
This is for #173.
This commit is contained in:
William Hubbs 2018-11-02 18:22:11 -05:00
parent e2416d0893
commit ee3c4afdb7
1 changed files with 30 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
src/rc/openrc-init.c
View File

@ -31,6 +31,10 @@
#include <sys/reboot.h> #include <sys/reboot.h>
#include <sys/wait.h> #include <sys/wait.h>
#ifdef HAVE_SELINUX
# include <selinux/selinux.h>
#endif
#include "helpers.h" #include "helpers.h"
#include "rc.h" #include "rc.h"
#include "rc-wtmp.h" #include "rc-wtmp.h"
@ -161,10 +165,36 @@ int main(int argc, char **argv)
bool reexec = false; bool reexec = false;
sigset_t signals; sigset_t signals;
struct sigaction sa; struct sigaction sa;
#ifdef HAVE_SELINUX
int enforce = 0;
#endif
if (getpid() != 1) if (getpid() != 1)
return 1; return 1;
#ifdef HAVE_SELINUX
if (getenv("SELINUX_INIT") == NULL) {
if (is_selinux_enabled() != 1) {
if (selinux_init_load_policy(&enforce) == 0) {
putenv("SELINUX_INIT=YES");
execv(argv[0], argv);
} else {
if (enforce > 0) {
/*
* SELinux in enforcing mode but load_policy failed
* At this point, we probably can't open /dev/console,
* so log() won't work
*/
fprintf(stderr,"Unable to load SELinux Policy.\n");
fprintf(stderr,"Machine is in enforcing mode.\n");
fprintf(stderr,"Halting now.\n");
exit(1);
}
}
}
}
#endif
printf("OpenRC init version %s starting\n", VERSION); printf("OpenRC init version %s starting\n", VERSION);
if (argc > 1) if (argc > 1)