From 2c2c0b9572f76dc5b9949848ea4422e5a69b1786 Mon Sep 17 00:00:00 2001 From: Bill Nottingham Date: Wed, 17 Mar 2004 17:58:19 +0000 Subject: disable enforcing in emergency mode for now, relabel some commonly mislabeled files on boot --- rc.d/rc.sysinit | 32 +++++++++++++++++++++++++++++++- 1 file changed, 31 insertions(+), 1 deletion(-) (limited to 'rc.d/rc.sysinit') diff --git a/rc.d/rc.sysinit b/rc.d/rc.sysinit index 3cffe13f..30b135f6 100755 --- a/rc.d/rc.sysinit +++ b/rc.d/rc.sysinit @@ -18,7 +18,6 @@ HOSTTYPE=`uname -m` unamer=`uname -r` eval version=`echo $unamer | awk -F '.' '{ print "(" $1 " " $2 ")" }'` - if [ -f /etc/sysconfig/network ]; then . /etc/sysconfig/network fi @@ -30,6 +29,26 @@ fi mount -n -t proc /proc /proc mount -n -t sysfs /sys /sys >/dev/null 2>&1 +# Check SELinux status +selinuxfs=`awk '/ selinuxfs / { print $2 }' /proc/mounts` +SELINUX= +if [ -n "$selinuxfs" -a "`cat /proc/self/attr/current`" != "kernel" ]; then + if [ -r $selinuxfs/enforce ] ; then + SELINUX=`cat $selinuxfs/enforce` + else + # assume enforcing if you can't read it + SELINUX=1 + fi +fi + +disable_selinux() { + echo "*** Warning -- SELinux is active" + echo "*** Disabling security enforcement for system recovery." + echo "*** Run 'setenforce 1' to reenable." + echo "0" > $selinuxfs/enforce +} + + . /etc/init.d/functions if [ "$HOSTTYPE" != "s390" -a "$HOSTTYPE" != "s390x" ]; then @@ -294,6 +313,7 @@ if [ -z "$fastboot" -a "X$ROOTFSTYPE" != "Xnfs" -a "X$ROOTFSTYPE" != "Xnfs4" ]; str=$"(Repair filesystem)" PS1="$str \# # "; export PS1 + [ "$SELINUX" = "1" ] && disable_selinux sulogin echo $"Unmounting file systems" @@ -361,6 +381,7 @@ if [ -d /etc/lvm/ -a -x /sbin/lvm ]; then fi /bin/rm -f /dev/mapper/control echo "mkdmnod" | /sbin/nash --quiet >/dev/null 2>&1 + [ -n "$SELINUX" ] && restorecon /dev/mapper/control if [ -e /dev/mapper/control -a -x /sbin/lvm ]; then action $"Setting up Logical Volume Management:" /sbin/lvm vgscan --mknodes && /sbin/lvm vgchange -a y fi 
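Review bot: In the status check, `cat /proc/self/attr/current` is expanded before `[` evaluates anything, so it runs even when `$selinuxfs` is empty, and its error output reaches the console on kernels where that file is missing or unreadable; adding `2>/dev/null` to the cat keeps those boots quiet. In `disable_selinux` the banner is printed before the write and the write's result is never checked, so the operator can be told enforcement is off while `$selinuxfs/enforce` still reads 1. Writing first and printing only on success, `echo 0 > "$selinuxfs/enforce" && echo "*** Disabling security enforcement for system recovery."`, keeps the message truthful. `$selinuxfs` is unquoted in both `[ -r $selinuxfs/enforce ]` and the redirect, which misbehaves if awk ever returns more than one mount point. Because this function lowers a security control, a comment above it such as `# Recovery shells only: switches SELinux to permissive` would document the intended callers.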
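Review bot: `[ "$SELINUX" = "1" ] && disable_selinux` runs before `sulogin`, so enforcement is dropped as soon as the repair path is entered, whether or not anyone authenticates at the prompt, and nothing visible in the hunk turns it back on. The same line is added before `sulogin` in the RAID-repair hunk (@@ -504) and the second filesystem-repair hunk (@@ -557). If the code after the shell always ends in a reboot (only `echo $"Unmounting file systems"` is visible, so this is an assumption), a comment like `# permissive only until the reboot below` would record that. Otherwise `[ "$SELINUX" = "1" ] && echo 1 > "$selinuxfs/enforce"` after `sulogin` returns would restore it. The surrounding `if` block starts and ends outside the hunk.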
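Review bot: The added `restorecon /dev/mapper/control` runs even when the `mkdmnod` step just above did not create the node, a case the next line's `-e /dev/mapper/control` test shows is expected; restorecon would then print an error on the console. Folding the existence test in avoids that: `[ -n "$SELINUX" -a -e /dev/mapper/control ] && restorecon /dev/mapper/control`. The neighbouring commands are called by absolute path (`/bin/rm`, `/sbin/nash`, `/sbin/lvm`) while `restorecon` relies on PATH, which is worth aligning in a script that runs as root this early in boot. The enclosing block is not fully visible in the hunk.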
@@ -377,6 +398,13 @@ fi update_boot_stage RCswap action $"Activating swap partitions: " swapon -a -e +# Clean up SELinux labels +if [ -n "$SELINUX" ]; then + for file in /etc/mtab /etc/ld.so.cache ; do + [ -r $file ] && restorecon -v $file + done +fi + # Clear mtab > /etc/mtab @@ -504,6 +532,7 @@ if [ -f /etc/raidtab ]; then str=$"(RAID Repair)" PS1="$str \# # "; export PS1 + [ "$SELINUX" = "1" ] && disable_selinux sulogin echo $"Unmounting file systems" @@ -557,6 +586,7 @@ if [ -z "$fastboot" ]; then str=$"(Repair filesystem)" PS1="$str \# # "; export PS1 + [ "$SELINUX" = "1" ] && disable_selinux sulogin echo $"Unmounting file systems" -- cgit v1.2.1
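Review bot: The comment `# Clean up SELinux labels` does not say why `/etc/mtab` and `/etc/ld.so.cache` in particular need `restorecon` on every boot, so a later reader cannot tell whether the list is complete or what leaves them mislabeled. Something like `# These files are commonly mislabeled after being rewritten; reset their contexts before use` (wording for the author to confirm) would carry over the intent stated in the commit subject. The `-v` output is a useful record that a label was wrong at boot, but restorecon's exit status is ignored, so a failed relabel passes silently; `restorecon -v "$file" || echo "restorecon failed for $file"` would surface it. `$file` is unquoted in both uses, which is harmless with these literals but worth quoting if the list grows.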