diff options
author | Bill Nottingham <notting@redhat.com> | 2010-06-03 16:38:18 -0400 |
---|---|---|
committer | Bill Nottingham <notting@redhat.com> | 2010-06-03 16:40:14 -0400 |
commit | f6b18247155df53e10d42472eb95d519565eb560 (patch) | |
tree | ac157f655c072634d1632f810868dfdb5bc180f5 | |
parent | a3712c0ee32cf45438d82ed8582045de0fefa145 (diff) | |
download | initscripts-f6b18247155df53e10d42472eb95d519565eb560.tar initscripts-f6b18247155df53e10d42472eb95d519565eb560.tar.gz initscripts-f6b18247155df53e10d42472eb95d519565eb560.tar.bz2 initscripts-f6b18247155df53e10d42472eb95d519565eb560.tar.xz initscripts-f6b18247155df53e10d42472eb95d519565eb560.zip |
Always reboot on autorelabel. (#595823)
It's not just init that could be mislabeled and cause problems;
there's udev, random other command from rc.sysinit, etc. Furthermore,
this avoids a problem with ending up in permissive mode.
-rwxr-xr-x | rc.d/rc.sysinit | 28 |
1 files changed, 9 insertions, 19 deletions
diff --git a/rc.d/rc.sysinit b/rc.d/rc.sysinit index 03490a1e..55b5b435 100755 --- a/rc.d/rc.sysinit +++ b/rc.d/rc.sysinit @@ -56,43 +56,33 @@ disable_selinux() { relabel_selinux() { # if /sbin/init is not labeled correctly this process is running in the # wrong context, so a reboot will be required after relabel - REBOOTFLAG=$(restorecon -v /sbin/init) AUTORELABEL= . /etc/selinux/config - if [ "$AUTORELABEL" = "0" ]; then - rm -f /.autorelabel + echo "0" > /selinux/enforce + [ -n "$PLYMOUTH" ] && plymouth --hide-splash - [ -n "$PLYMOUTH" ] && plymouth --hide-splash + if [ "$AUTORELABEL" = "0" ]; then echo echo $"*** Warning -- SELinux ${SELINUXTYPE} policy relabel is required. " echo $"*** /etc/selinux/config indicates you want to manually fix labeling" echo $"*** problems. Dropping you to a shell; the system will reboot" echo $"*** when you leave the shell." - echo "0" > /selinux/enforce sulogin - echo $"Unmounting file systems" - umount -a - mount -n -o remount,ro / - echo $"Automatic reboot in progress." - reboot -f else - [ -n "$PLYMOUTH" ] && plymouth --hide-splash echo echo $"*** Warning -- SELinux ${SELINUXTYPE} policy relabel is required." echo $"*** Relabeling could take a very long time, depending on file" echo $"*** system size and speed of hard drives." - echo "0" > /selinux/enforce /sbin/fixfiles -F restore > /dev/null 2>&1 - rm -f /.autorelabel - if [ ! -z "$REBOOTFLAG" ]; then - echo $"Automatic reboot in progress." - reboot -f - fi - echo $SELINUX_STATE > /selinux/enforce - [ -n "$PLYMOUTH" ] && plymouth --show-splash fi + rm -f /.autorelabel + echo $"Unmounting file systems" + umount -a + mount -n -o remount,ro / + echo $"Automatic reboot in progress." + reboot -f } key_is_random() { |