diff options
author | Victor Lowther <victor.lowther@gmail.com> | 2009-10-05 19:05:44 -0500 |
---|---|---|
committer | Victor Lowther <victor.lowther@gmail.com> | 2009-10-07 10:00:51 -0500 |
commit | 76e534e17db7c50fe89c8878b4fccfce837380dd (patch) | |
tree | fe9c40295c3b736380bda82c425c59f4edc52235 | |
parent | 3dd50ddfef09ffcbe981d4e36becf91a53b9b6da (diff) |
Do not worry at all about selinux stuff if we cannot find load_policyvlowther-cleanups
-rwxr-xr-x | modules.d/99base/selinux-loadpolicy.sh | 45 |
1 files changed, 20 insertions, 25 deletions
diff --git a/modules.d/99base/selinux-loadpolicy.sh b/modules.d/99base/selinux-loadpolicy.sh index 9e95b8d..7599355 100755 --- a/modules.d/99base/selinux-loadpolicy.sh +++ b/modules.d/99base/selinux-loadpolicy.sh @@ -3,25 +3,24 @@ rd_load_policy() { - - SELINUX="enforcing" - [ -e "$NEWROOT/etc/selinux/config" ] && . "$NEWROOT/etc/selinux/config" - - # If SELinux is disabled exit now - getarg "selinux=0" > /dev/null - if [ $? -eq 0 -o "$SELINUX" = "disabled" ]; then - return 0 - fi - - # Check whether SELinux is in permissive mode - permissive=0 - getarg "enforcing=0" > /dev/null - if [ $? -eq 0 -o "$SELINUX" = "permissive" ]; then - permissive=1 - fi - + # Attempt to load SELinux Policy if [ -x "$NEWROOT/usr/sbin/load_policy" -o -x "$NEWROOT/sbin/load_policy" ]; then + SELINUX="enforcing" + [ -e "$NEWROOT/etc/selinux/config" ] && . "$NEWROOT/etc/selinux/config" + + # If SELinux is disabled exit now + getarg "selinux=0" > /dev/null + if [ $? -eq 0 -o "$SELINUX" = "disabled" ]; then + return 0 + fi + + # Check whether SELinux is in permissive mode + permissive=0 + getarg "enforcing=0" > /dev/null + if [ $? -eq 0 -o "$SELINUX" = "permissive" ]; then + permissive=1 + fi ret=0 info "Loading SELinux policy" { @@ -35,11 +34,11 @@ rd_load_policy() ret=$? fi } 2>&1 | vinfo - + if [ $ret -eq 0 -o $ret -eq 2 ]; then return 0 fi - + warn "Initial SELinux policy load failed." if [ $ret -eq 3 -o $permissive -eq 0 ]; then warn "Machine in enforcing mode." @@ -48,12 +47,8 @@ rd_load_policy() exit 1 fi return 0 - elif [ $permissive -eq 0 ]; then - warn "Machine in enforcing mode and cannot execute load_policy." - warn "To disable selinux, add selinux=0 to the kernel command line." - warn "Not continuing" - sleep 100d - exit 1 + else + return 0 fi } |