More from Jan Kiszka: this is a port of the latest sysv-init SELinux patch.

It makes busybox invoke the libselinux library function to load the binary
policy right at system start-up. It was successfully tested on a mini-SELinux
system.  Note: requires recent libselinux. I'm using 1.28.
1_1_stable
Rob Landley 2006-03-27 23:09:12 +00:00
parent d1f8c1c125
commit b3ede5abe2
1 changed files with 21 additions and 0 deletions


@ -39,6 +39,11 @@
#endif
#ifdef CONFIG_SELINUX
# include <selinux/selinux.h>
#endif /* CONFIG_SELINUX */
#define INIT_BUFFS_SIZE 256
/* From <linux/vt.h> */
@ -1097,6 +1102,22 @@ int init_main(int argc, char **argv)
parse_inittab();
}
#ifdef CONFIG_SELINUX
if (getenv("SELINUX_INIT") == NULL) {
int enforce = 0;
putenv("SELINUX_INIT=YES");
if (selinux_init_load_policy(&enforce) == 0) {
execv(argv[0], argv);
} else if (enforce > 0) {
/* SELinux in enforcing mode but load_policy failed */
/* At this point, we probably can't open /dev/console, so log() won't work */
message(CONSOLE,"Unable to load SELinux Policy. Machine is in enforcing mode. Halting now.");
exit(1);
}
}
#endif /* CONFIG_SELINUX */
/* Make the command line just say "init" -- thats all, nothing else */
fixup_argv(argc, argv, "init");
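Review bot: The `execv(argv[0], argv)` call in the new CONFIG_SELINUX block has no failure handling, so if the re-exec fails after `selinux_init_load_policy()` succeeded, init falls through and carries on, presumably without the context transition the re-exec is there to obtain, and nothing is logged. I would follow it with `message(CONSOLE, "Re-exec of init after SELinux policy load failed.");` and, when `enforce > 0`, take the same halt path as the load-failure branch. The guard also treats any pre-existing `SELINUX_INIT` in the environment as proof that the policy is already loaded, and the load is skipped whenever it is set. A comment such as `/* SELINUX_INIT is set by us before the re-exec; any other source skips the policy load */` would make that assumption visible to whoever controls init's environment at boot. init_main starts and ends outside this hunk.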