Author: glen Date: Fri May 31 00:48:05 2013 New Revision: 12682 Modified: rc-scripts/trunk/rc.d/rc.sysinit rc-scripts/trunk/sysconfig/system Log: move $SELINUX variable setup to function
Modified: rc-scripts/trunk/rc.d/rc.sysinit ============================================================================== --- rc-scripts/trunk/rc.d/rc.sysinit (original) +++ rc-scripts/trunk/rc.d/rc.sysinit Fri May 31 00:48:05 2013 @@ -72,6 +72,10 @@ # default is set in /etc/sysconfig/system DM_MULTIPATH=no ;; + noselinux) + # default is set in /etc/sysconfig/system + SELINUX=no + ;; nousb) nousb=1 ;; @@ -97,6 +101,35 @@ done } +# setup SELINUX variable +init_selinux() { + # user knows! + if is_no "$SELINUX"; then + return + fi + + if ! grep -q selinuxfs /proc/filesystems; then + # no support in kernel, no chance + SELINUX=no + fi + + if ! is_fsmounted selinuxfs /selinux; then + mount -n -o gid=17 -t selinuxfs selinuxfs /selinux + fi + + # Check SELinux status + local selinuxfs=$(awk '/ selinuxfs / { print $2 }' /proc/mounts 2> /dev/null) + SELINUX= + if [ -n "$selinuxfs" ] && [ "$(cat /proc/self/attr/current)" != "kernel" ]; then + if [ -r $selinuxfs/enforce ] ; then + SELINUX=$(cat $selinuxfs/enforce) + else + # assume enforcing if you can't read it + SELINUX=1 + fi + fi +} + disable_selinux() { local _d selinuxfs _t _r @@ -341,10 +374,7 @@ fi fi - # selinux - if grep -q selinuxfs /proc/filesystems 2>/dev/null && ! is_fsmounted selinuxfs /selinux; then - mount -n -o gid=17 -t selinuxfs selinuxfs /selinux - fi + init_selinux # PLD Linux LiveCD support if [ -x /etc/rc.d/rc.live ]; then @@ -364,18 +394,6 @@ # Disable splash when requested is_no "$BOOT_SPLASH" && [ -e /proc/splash ] && echo "0" > /proc/splash - # Check SELinux status - selinuxfs=$(awk '/ selinuxfs / { print $2 }' /proc/mounts 2> /dev/null) - SELINUX= - if [ -n "$selinuxfs" ] && [ "$(cat /proc/self/attr/current)" != "kernel" ]; then - if [ -r $selinuxfs/enforce ] ; then - SELINUX=$(cat $selinuxfs/enforce) - else - # assume enforcing if you can't read it - SELINUX=1 - fi - fi - if [ -x /sbin/restorecon ] && is_fsmounted tmpfs /dev; then /sbin/restorecon -R /dev 2>/dev/null fi 
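Review bot: In `init_selinux` (hunk at -97), the branch taken when /proc/filesystems lists no selinuxfs sets `SELINUX=no` but does not return. The function therefore still reaches the `mount -n -o gid=17 -t selinuxfs selinuxfs /selinux` call, which the code removed in the -341 hunk only ran when the kernel listed selinuxfs, and the later `SELINUX=` then discards the `no`. Adding `return` directly after `SELINUX=no` restores the old guard and keeps the value. Separately, the path taken from /proc/mounts is used unquoted; `[ -r "$selinuxfs/enforce" ]` and `SELINUX=$(cat "$selinuxfs/enforce")` would be safer. Declaring `local selinuxfs` on its own line before the assignment would also stop `local` from masking awk's exit status.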
@@ -562,7 +580,7 @@ fi # Clean up SELinux labels - if [ -n "$SELINUX" ]; then + if is_yes "$SELINUX"; then for file in /etc/mtab /etc/cryptomtab /etc/ld.so.cache; do [ -r $file ] && restorecon $file >/dev/null 2>&1 done @@ -921,8 +939,7 @@ clean_vserver_mtab fi - -[ -n "$SELINUX" ] && [ -f /.autorelabel ] && relabel_selinux +is_yes "$SELINUX" && [ -f /.autorelabel ] && relabel_selinux # Clean up /. rm -f /fastboot /fsckoptions /forcefsck /halt /poweroff >/dev/null 2>&1 @@ -973,7 +990,7 @@ # System protected dirs mkdir -m 1777 -p /tmp/.ICE-unix > /dev/null 2>&1 chown root:root /tmp/.ICE-unix -[ -n "$SELINUX" ] && restorecon /tmp/.ICE-unix >/dev/null 2>&1 +is_yes "$SELINUX" && restorecon /tmp/.ICE-unix >/dev/null 2>&1 if ! is_yes "$VSERVER"; then run_cmd "Enabling swap space" true Modified: rc-scripts/trunk/sysconfig/system ============================================================================== --- rc-scripts/trunk/sysconfig/system (original) +++ rc-scripts/trunk/sysconfig/system Fri May 31 00:48:05 2013 @@ -125,6 +125,10 @@ # Vserver isolation only networking inside of guest (yes/no/detect) VSERVER_ISOLATION_NET=detect +# Enable selinux support (yes/no/detect) +# 'yes' behaves as 'detect' +SELINUX=detect + # Enable syslogging for rc-scripts RC_LOGGING=yes _______________________________________________ pld-cvs-commit mailing list pld-cvs-commit@lists.pld-linux.org http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
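Review bot: Replacing `[ -n "$SELINUX" ]` with `is_yes "$SELINUX"` in the hunk at -562 (and again at -921 and -973) probably changes behaviour on a permissive system. `init_selinux` stores the content of the enforce file, so `SELINUX` is `0` in permissive mode; that was non-empty before, but assuming `is_yes` rejects `0` (its definition is not in this diff), the `restorecon` calls and the `/.autorelabel` relabel are now skipped. Labels that go stale while permissive turn into denials once the system is switched to enforcing. If relabeling is meant to run whenever SELinux is active, one option is for `init_selinux` to record the active state as `SELINUX=yes` and read the enforce file separately where the mode matters. The surrounding blocks begin and end outside these hunks, so other uses of `$SELINUX` need checking against whichever meaning is chosen.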