From b3ede5abe2de41760a806ad7b5a8e40018abc2f4 Mon Sep 17 00:00:00 2001
From: Rob Landley
Date: Mon, 27 Mar 2006 23:09:12 +0000
Subject: More from Jan Kiszka: this is a port of the latest sysv-init SELinux patch. It makes busybox invoke the libselinux library function to load the binary policy right at system start-up. It was successfully tested on a mini-SELinux system. Note: requires recent libselinux. I'm using 1.28.
---
init/init.c | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+) (limited to 'init')
diff --git a/init/init.c b/init/init.c
index 704cfccda..575ab9775 100644
--- a/init/init.c
+++ b/init/init.c
@@ -39,6 +39,11 @@
 #endif
+#ifdef CONFIG_SELINUX
+# include
+#endif /* CONFIG_SELINUX */
+
+
 #define INIT_BUFFS_SIZE 256 /* From */
@@ -1097,6 +1102,22 @@ int init_main(int argc, char **argv)
 parse_inittab();
 }
+#ifdef CONFIG_SELINUX
+ if (getenv("SELINUX_INIT") == NULL) {
+ int enforce = 0;
+
+ putenv("SELINUX_INIT=YES");
+ if (selinux_init_load_policy(&enforce) == 0) {
+ execv(argv[0], argv);
+ } else if (enforce > 0) {
+ /* SELinux in enforcing mode but load_policy failed */
+ /* At this point, we probably can't open /dev/console, so log() won't work */
+ message(CONSOLE,"Unable to load SELinux Policy. Machine is in enforcing mode. Halting now.");
+ exit(1);
+ }
+ }
+#endif /* CONFIG_SELINUX */
+
 /* Make the command line just say "init" -- thats all, nothing else */
 fixup_argv(argc, argv, "init");
-- cgit v1.2.3
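Review bot: The return of `execv(argv[0], argv)` in the second hunk is never checked, so if the re-exec fails after `selinux_init_load_policy()` succeeded, init falls through to `fixup_argv()` and keeps running in the context it started in, with nothing logged. A line after the call such as `message(CONSOLE, "Re-exec after SELinux policy load failed");` would make that visible; the path where the load fails with `enforce` at 0 is equally silent and deserves the same treatment. The guard also trusts an inherited `SELINUX_INIT` variable, so a boot environment that already sets it skips the policy load entirely; a comment stating that assumption (or a log line on the skip) would help whoever audits the boot chain. `exit(1)` from PID 1 presumably ends in a kernel panic rather than a clean halt, which may be the intended fail-closed result but does not match the "Halting now" wording. `init_main` begins and ends outside this hunk.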