From 04044aa4e1269e9949b0d23daf30010fa0fff278 Mon Sep 17 00:00:00 2001
From: Philip Tricca
Date: Thu, 26 Sep 2013 20:49:39 +0000
Subject: Check for the availability of 'secon' and 'setenforce' in the selinux-init.sh script.

This is for consistency and to aid in debugging.
Signed-off-by: Philip Tricca
Signed-off-by: Joe MacDonald
---
 recipes-security/selinux/selinux-config/selinux-init.sh | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/recipes-security/selinux/selinux-config/selinux-init.sh b/recipes-security/selinux/selinux-config/selinux-init.sh
index 1cdc3dd..8f3efac 100644
--- a/recipes-security/selinux/selinux-config/selinux-init.sh
+++ b/recipes-security/selinux/selinux-config/selinux-init.sh
@@ -6,8 +6,10 @@ CHCON=/usr/bin/chcon
 MATCHPATHCON=/usr/sbin/matchpathcon
 FIXFILES=/sbin/fixfiles
 RESTORECON=/sbin/restorecon
+SECON=/usr/bin/secon
+SETENFORCE=/usr/sbin/setenforce

-for i in ${CHCON} ${MATCHPATHCON} ${FIXFILES} ${RESTORECON} ; do
+for i in ${CHCON} ${MATCHPATHCON} ${FIXFILES} ${RESTORECON} ${SECON} ${SETENFORCE}; do
 test -x $i && continue
 echo "$i is missing in the system."
 echo "Please add \"selinux=0\" in the kernel command line to disable SELinux."
@@ -51,12 +53,12 @@ fi

 # If first booting, the security context type of init would be
 # "kernel_t", and the whole file system should be relabeled.
-if [ "`/usr/bin/secon -t --pid 1`" = "kernel_t" ]; then
+if [ "`${SECON} -t --pid 1`" = "kernel_t" ]; then
 echo "Checking SELinux security contexts:"
 check_rootfs
 echo " * First booting, filesystem will be relabeled..."
 test -x /etc/init.d/auditd && /etc/init.d/auditd start
- /usr/sbin/setenforce 0
+ ${SETENFORCE} 0
 ${RESTORECON} -R /
 ${RESTORECON} /
 echo " * Relabel done, rebooting the system."
-- 
cgit v1.2.3-54-g00ecf
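Review bot: With `${SECON}` and `${SETENFORCE}` added to the `for` list, six helpers now lead to the same message, and its only advice is to boot with `selinux=0`. For a missing userspace tool that remedy switches SELinux off entirely, so the text should point at restoring the binary first, e.g. `echo "Install the package providing $i, or add \"selinux=0\" to the kernel command line to disable SELinux."`. The extended list and `test -x $i` also leave their expansions unquoted; `test -x "$i"` is the safer habit even with fixed paths. The loop body continues outside the hunk, so what the script does after printing the message is not visible here.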
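Review bot: The first-boot test still treats a failed `${SECON}` run the same as "not first boot": the earlier `test -x` check only proves the file is executable, and if the command exits non-zero the backticks yield an empty string, the comparison with `kernel_t` is false, and the relabel is skipped without any message. Capturing the result first keeps that case visible, e.g. `init_type=$(${SECON} -t --pid 1) || echo " * ${SECON} failed; cannot tell whether this is the first boot."` followed by `if [ "$init_type" = "kernel_t" ]; then`. The status of `${SETENFORCE} 0` is likewise ignored, so a failure to enter permissive mode goes unreported before `${RESTORECON} -R /` runs; `${SETENFORCE} 0 || echo " * Warning: could not switch to permissive mode."` would record it. The `if` block continues past the end of the hunk.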