Package: selinux-basics
Version: 0.3.5
Severity: normal

Hello,

/usr/bin/selinux-activate does not currently handle grub2's config
file /etc/default/grub. The relevant config entry is
GRUB_CMDLINE_LINUX. This variable may already have something assigned
to it and the string "selinux=1" needs to be appended to the old
string.

A possible patch for /usr/bin/selinux-activate is attached.

Regards,

Kapil.
--

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.30-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages selinux-basics depends on:
ii  checkpolicy                   2.0.19-1   SELinux policy compiler
ii  policycoreutils               2.0.72-2   SELinux core policy utilities
ii  python                        2.5.4-2    An interactive high-level object-o
ii  selinux-utils                 2.0.85-4   SELinux utility programs

Versions of packages selinux-basics recommends:
ii  selinux-policy-default  2:0.2.20090828-1 Strict and Targeted variants of th
pn  setools                 <none>           (no description available)

Versions of packages selinux-basics suggests:
pn  logcheck                      <none>     (no description available)
ii  syslog-summary                1.14-1     summarize the contents of a syslog

-- no debconf information
--- /usr/sbin/selinux-activate  2008-09-09 10:02:21.000000000 +0530
+++ /tmp/selinux-activate       2009-10-12 11:36:32.000000000 +0530
@@ -1,6 +1,7 @@
 #!/bin/sh -e
 
 GRUB_CONF=/boot/grub/menu.lst
+GRUB2_CONF=/etc/default/grub
 PAM_LOGIN=/etc/pam.d/login
 
 if [ "$1" != "disable" ]; then
@@ -12,6 +13,13 @@
       update-grub
     fi
   fi
+  if [ -e $GRUB2_CONF ]; then
+    if ! grep -q selinux $GRUB2_CONF ; then
+      sed -e 's/\(^GRUB_CMDLINE_LINUX="\)/\1selinux=1 /' < $GRUB2_CONF > 
$GRUB2_CONF.new
+      mv $GRUB2_CONF.new $GRUB2_CONF
+      update-grub
+    fi
+  fi
   sed -e "s/^# \(.*selinux.*$\)/\1/" < $PAM_LOGIN > $PAM_LOGIN.new
   mv $PAM_LOGIN.new $PAM_LOGIN
   for n in kdm wdm ; do
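Review bot: the guard `grep -q selinux $GRUB2_CONF` in the added block matches the word anywhere in the file, so a comment that mentions selinux or an existing `selinux=0` makes the block skip silently and `selinux=1` is never added. Test the variable's own line instead, for example `grep -q '^GRUB_CMDLINE_LINUX=.*selinux=1' $GRUB2_CONF`. The sed expression also only matches a double-quoted value (`^GRUB_CMDLINE_LINUX="`); if the assignment is written any other way the file passes through unchanged and update-grub still runs, so it is worth checking that the substitution took effect before the mv. `$GRUB2_CONF` should be quoted throughout.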
@@ -36,6 +44,10 @@
     sed -e "s/ selinux=1//" < $GRUB_CONF > $GRUB_CONF.new
     mv $GRUB_CONF.new $GRUB_CONF
   fi
+  if [ -e $GRUB2_CONF ]; then
+    sed -e "s/selinux=1 //" -e"s/ selinux=1//" < $GRUB2_CONF > $GRUB2_CONF.new
+    mv $GRUB2_CONF.new $GRUB2_CONF
+  fi
   sed -e "s/\(^.*selinux.*$\)/# \1/" < $PAM_LOGIN > $PAM_LOGIN.new
   mv $PAM_LOGIN.new $PAM_LOGIN
   for n in gdm kdm ; do
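Review bot: the added disable block rewrites `$GRUB2_CONF` but, unlike the enable block, never calls `update-grub`, so the generated boot configuration keeps `selinux=1` until something else regenerates it. Add `update-grub` after the mv. The two sed expressions are also unanchored and will edit any line containing the string, comments included; restricting them to the variable with an address such as `/^GRUB_CMDLINE_LINUX=/` keeps the edit to the line the enable path touched.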
