This is for consistency and to aid in debugging. Signed-off-by: Philip Tricca <fl...@twobit.us> --- recipes-security/selinux/selinux-config/selinux-init.sh | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/recipes-security/selinux/selinux-config/selinux-init.sh b/recipes-security/selinux/selinux-config/selinux-init.sh index 1cdc3dd..8f3efac 100644 --- a/recipes-security/selinux/selinux-config/selinux-init.sh +++ b/recipes-security/selinux/selinux-config/selinux-init.sh @@ -6,8 +6,10 @@ CHCON=/usr/bin/chcon MATCHPATHCON=/usr/sbin/matchpathcon FIXFILES=/sbin/fixfiles RESTORECON=/sbin/restorecon +SECON=/usr/bin/secon +SETENFORCE=/usr/sbin/setenforce -for i in ${CHCON} ${MATCHPATHCON} ${FIXFILES} ${RESTORECON} ; do +for i in ${CHCON} ${MATCHPATHCON} ${FIXFILES} ${RESTORECON} ${SECON} ${SETENFORCE}; do test -x $i && continue echo "$i is missing in the system." echo "Please add \"selinux=0\" in the kernel command line to disable SELinux." @@ -51,12 +53,12 @@ fi # If first booting, the security context type of init would be # "kernel_t", and the whole file system should be relabeled. -if [ "`/usr/bin/secon -t --pid 1`" = "kernel_t" ]; then +if [ "`${SECON} -t --pid 1`" = "kernel_t" ]; then echo "Checking SELinux security contexts:" check_rootfs echo " * First booting, filesystem will be relabeled..." test -x /etc/init.d/auditd && /etc/init.d/auditd start - /usr/sbin/setenforce 0 + ${SETENFORCE} 0 ${RESTORECON} -R / ${RESTORECON} / echo " * Relabel done, rebooting the system." -- 1.7.10.4 _______________________________________________ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto