Check for the availability of 'secon' and 'setenforce' in the selinux-init.sh script.

This is for consistency and to aid in debugging.

Signed-off-by: Philip Tricca <flihp@twobit.us>
Signed-off-by: Joe MacDonald <joe@deserted.net>

1 files changed, 5 insertions, 3 deletions

diff --git a/recipes-security/selinux/selinux-config/selinux-init.sh b/recipes-security/selinux/selinux-config/selinux-init.sh
index 1cdc3dd..8f3efac 100644
--- a/recipes-security/selinux/selinux-config/selinux-init.sh
+++ b/recipes-security/selinux/selinux-config/selinux-init.sh
@@ -6,8 +6,10 @@ CHCON=/usr/bin/chcon
 MATCHPATHCON=/usr/sbin/matchpathcon
 FIXFILES=/sbin/fixfiles
 RESTORECON=/sbin/restorecon
+SECON=/usr/bin/secon
+SETENFORCE=/usr/sbin/setenforce
 
-for i in ${CHCON} ${MATCHPATHCON} ${FIXFILES} ${RESTORECON} ; do
+for i in ${CHCON} ${MATCHPATHCON} ${FIXFILES} ${RESTORECON} ${SECON} ${SETENFORCE}; do
         test -x $i && continue
         echo "$i is missing in the system."
         echo "Please add \"selinux=0\" in the kernel command line to disable SELinux."
@@ -51,12 +53,12 @@ fi
 
 # If first booting, the security context type of init would be
 # "kernel_t", and the whole file system should be relabeled.
-if [ "`/usr/bin/secon -t --pid 1`" = "kernel_t" ]; then
+if [ "`${SECON} -t --pid 1`" = "kernel_t" ]; then
         echo "Checking SELinux security contexts:"
         check_rootfs
         echo " * First booting, filesystem will be relabeled..."
         test -x /etc/init.d/auditd && /etc/init.d/auditd start
-        /usr/sbin/setenforce 0
+        ${SETENFORCE} 0
         ${RESTORECON} -R /
         ${RESTORECON} /
         echo " * Relabel done, rebooting the system."