commit:     ee3c4afdb75b98cd472b7ffbb46adc9d8a1e1b15
Author:     William Hubbs <w.d.hubbs <AT> gmail <DOT> com>
AuthorDate: Fri Nov  2 23:22:11 2018 +0000
Commit:     William Hubbs <williamh <AT> gentoo <DOT> org>
CommitDate: Fri Nov  2 23:22:11 2018 +0000
URL:        https://gitweb.gentoo.org/proj/openrc.git/commit/?id=ee3c4afd

openrc-init: add SELinux support

This is for #173.

 src/rc/openrc-init.c | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)

diff --git a/src/rc/openrc-init.c b/src/rc/openrc-init.c
index e557c63d..c57a3b06 100644
--- a/src/rc/openrc-init.c
+++ b/src/rc/openrc-init.c
@@ -31,6 +31,10 @@
 #include <sys/reboot.h>
 #include <sys/wait.h>
 
+#ifdef HAVE_SELINUX
+#  include <selinux/selinux.h>
+#endif
+
 #include "helpers.h"
 #include "rc.h"
 #include "rc-wtmp.h"
@@ -161,10 +165,36 @@ int main(int argc, char **argv)
        bool reexec = false;
        sigset_t signals;
        struct sigaction sa;
+#ifdef HAVE_SELINUX
+       int                     enforce = 0;
+#endif
 
        if (getpid() != 1)
                return 1;
 
+#ifdef HAVE_SELINUX
+       if (getenv("SELINUX_INIT") == NULL) {
+               if (is_selinux_enabled() != 1) {
+                       if (selinux_init_load_policy(&enforce) == 0) {
+                               putenv("SELINUX_INIT=YES");
+                               execv(argv[0], argv);
+                       } else {
+                               if (enforce > 0) {
+                                       /*
+                                        * SELinux in enforcing mode but 
load_policy failed
+                                        * At this point, we probably can't 
open /dev/console,
+                                        * so log() won't work
+                                        */
+                                       fprintf(stderr,"Unable to load SELinux 
Policy.\n");
+                                       fprintf(stderr,"Machine is  in 
enforcing mode.\n");
+                                       fprintf(stderr,"Halting now.\n");
+                                       exit(1);
+                               }
+                       }
+               }
+       }
+#endif  
+
        printf("OpenRC init version %s starting\n", VERSION);
 
        if (argc > 1)
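Review bot: The `execv(argv[0], argv);` call in the policy-load success branch has no failure path, so if the re-exec fails, control falls out of the `#ifdef HAVE_SELINUX` block and init carries on booting. In that case the policy is loaded but PID 1 has never re-executed, so it would presumably keep running in its pre-policy context, which matters most when `enforce` came back greater than 0. I would follow the call with `fprintf(stderr, "execv failed after loading SELinux policy\n");` and `if (enforce > 0) exit(1);`, mirroring the existing load-failure branch. The `getenv("SELINUX_INIT")` guard also deserves a short comment saying the variable only marks the second pass after re-exec; because it is read from init's environment, any boot configuration that sets it would skip the policy load entirely. `main` starts and ends outside this hunk, so the rest of the startup path is not visible here.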
