diff options
author | Rob Landley | 2006-03-27 23:09:12 +0000 |
---|---|---|
committer | Rob Landley | 2006-03-27 23:09:12 +0000 |
commit | b3ede5abe2de41760a806ad7b5a8e40018abc2f4 (patch) | |
tree | 8ede2bdcfc640009b3b2bba627fb5edfc87a8242 | |
parent | d1f8c1c1258d400610e2fa136fb15cc8dfb4ffe6 (diff) | |
download | busybox-b3ede5abe2de41760a806ad7b5a8e40018abc2f4.zip busybox-b3ede5abe2de41760a806ad7b5a8e40018abc2f4.tar.gz |
More from Jan Kiszka: this is a port of the latest sysv-init SELinux patch.
It makes busybox invoke the libselinux library function to load the binary
policy right at system start-up. It was successfully tested on a mini-SELinux
system. Note: requires recent libselinux. I'm using 1.28.
-rw-r--r-- | init/init.c | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/init/init.c b/init/init.c index 704cfcc..575ab97 100644 --- a/init/init.c +++ b/init/init.c @@ -39,6 +39,11 @@ #endif +#ifdef CONFIG_SELINUX +# include <selinux/selinux.h> +#endif /* CONFIG_SELINUX */ + + #define INIT_BUFFS_SIZE 256 /* From <linux/vt.h> */ @@ -1097,6 +1102,22 @@ int init_main(int argc, char **argv) parse_inittab(); } +#ifdef CONFIG_SELINUX + if (getenv("SELINUX_INIT") == NULL) { + int enforce = 0; + + putenv("SELINUX_INIT=YES"); + if (selinux_init_load_policy(&enforce) == 0) { + execv(argv[0], argv); + } else if (enforce > 0) { + /* SELinux in enforcing mode but load_policy failed */ + /* At this point, we probably can't open /dev/console, so log() won't work */ + message(CONSOLE,"Unable to load SELinux Policy. Machine is in enforcing mode. Halting now."); + exit(1); + } + } +#endif /* CONFIG_SELINUX */ + /* Make the command line just say "init" -- thats all, nothing else */ fixup_argv(argc, argv, "init"); |