summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorRob Landley2006-03-27 23:09:12 +0000
committerRob Landley2006-03-27 23:09:12 +0000
commitb3ede5abe2de41760a806ad7b5a8e40018abc2f4 (patch)
tree8ede2bdcfc640009b3b2bba627fb5edfc87a8242
parentd1f8c1c1258d400610e2fa136fb15cc8dfb4ffe6 (diff)
downloadbusybox-b3ede5abe2de41760a806ad7b5a8e40018abc2f4.zip
busybox-b3ede5abe2de41760a806ad7b5a8e40018abc2f4.tar.gz
More from Jan Kiszka: this is a port of the latest sysv-init SELinux patch.
It makes busybox invoke the libselinux library function to load the binary policy right at system start-up. It was successfully tested on a mini-SELinux system. Note: requires recent libselinux. I'm using 1.28.
-rw-r--r--init/init.c21
1 files changed, 21 insertions, 0 deletions
diff --git a/init/init.c b/init/init.c
index 704cfcc..575ab97 100644
--- a/init/init.c
+++ b/init/init.c
@@ -39,6 +39,11 @@
#endif
+#ifdef CONFIG_SELINUX
+# include <selinux/selinux.h>
+#endif /* CONFIG_SELINUX */
+
+
#define INIT_BUFFS_SIZE 256
/* From <linux/vt.h> */
@@ -1097,6 +1102,22 @@ int init_main(int argc, char **argv)
parse_inittab();
}
+#ifdef CONFIG_SELINUX
+ if (getenv("SELINUX_INIT") == NULL) {
+ int enforce = 0;
+
+ putenv("SELINUX_INIT=YES");
+ if (selinux_init_load_policy(&enforce) == 0) {
+ execv(argv[0], argv);
+ } else if (enforce > 0) {
+ /* SELinux in enforcing mode but load_policy failed */
+ /* At this point, we probably can't open /dev/console, so log() won't work */
+ message(CONSOLE,"Unable to load SELinux Policy. Machine is in enforcing mode. Halting now.");
+ exit(1);
+ }
+ }
+#endif /* CONFIG_SELINUX */
+
/* Make the command line just say "init" -- thats all, nothing else */
fixup_argv(argc, argv, "init");