diff options
author | Bill Nottingham <notting@redhat.com> | 2006-05-25 20:53:09 +0000 |
---|---|---|
committer | Bill Nottingham <notting@redhat.com> | 2006-05-25 20:53:09 +0000 |
commit | 2baf49b47a4c9247b9f08af52c1bee10e99923c9 (patch) | |
tree | cd2703be3b943bbc0f3bebc18740f28b554150f0 | |
parent | b0f47a77d1ee3223f55e40e9da2d6d290ae046c7 (diff) | |
download | initscripts-2baf49b47a4c9247b9f08af52c1bee10e99923c9.tar initscripts-2baf49b47a4c9247b9f08af52c1bee10e99923c9.tar.gz initscripts-2baf49b47a4c9247b9f08af52c1bee10e99923c9.tar.bz2 initscripts-2baf49b47a4c9247b9f08af52c1bee10e99923c9.tar.xz initscripts-2baf49b47a4c9247b9f08af52c1bee10e99923c9.zip |
allow for sulogin instead of automatic relabeling (<dwalsh@redhat.com>)
-rwxr-xr-x | rc.d/rc.sysinit | 59 |
1 files changed, 39 insertions, 20 deletions
diff --git a/rc.d/rc.sysinit b/rc.d/rc.sysinit index 9e73cc27..7451c528 100755 --- a/rc.d/rc.sysinit +++ b/rc.d/rc.sysinit @@ -45,9 +45,9 @@ if [ -n "$SELINUX_STATE" -a -x /sbin/restorecon ] && LC_ALL=C fgrep -q " /dev " fi disable_selinux() { - echo "*** Warning -- SELinux is active" - echo "*** Disabling security enforcement for system recovery." - echo "*** Run 'setenforce 1' to reenable." + echo $"*** Warning -- SELinux is active" + echo $"*** Disabling security enforcement for system recovery." + echo $"*** Run 'setenforce 1' to reenable." echo "0" > "$selinuxfs/enforce" } @@ -58,22 +58,41 @@ relabel_selinux() { # if /sbin/init is not labeled correctly this process is running in the # wrong context, so a reboot will be reuired after relabel REBOOTFLAG=`restorecon -v /sbin/init` + AUTORELABEL= . /etc/selinux/config - echo " - *** Warning -- SELinux ${SELINUXTYPE} policy relabel is required. *** - *** Relabelling could take a very long time, depending on file *** - *** system size and speed of hard drives. *** - " - echo "0" > "$selinuxfs/enforce" - /sbin/fixfiles restore > /dev/null 2>&1 - rm -f /.autorelabel - if [ ! -z "$REBOOTFLAG" ]; then - echo $"Automatic reboot in progress." - reboot -f - fi - echo $SELINUX_STATE > "$selinuxfs/enforce" - if [ -x /usr/bin/rhgb-client ] && /usr/bin/rhgb-client --ping ; then - chvt 8 + if [ "$AUTORELABEL" = "0" ]; then + rm -f /.autorelabel + + echo + echo $"*** Warning -- SELinux ${SELINUXTYPE} policy relabel is required. " + echo $"*** /etc/selinux/config indicates you want to manually fix labeling" + echo $"*** problems. Dropping you to a shell; the system will reboot" + echo $"*** when you leave the shell." + echo "0" > $selinuxfs/enforce + sulogin + + echo $"Unmounting file systems" + umount -a + mount -n -o remount,ro / + echo $"Automatic reboot in progress." + reboot -f + else + echo + echo $"*** Warning -- SELinux ${SELINUXTYPE} policy relabel is required." + echo $"*** Relabelling could take a very long time, depending on file" + echo $"*** system size and speed of hard drives." + + echo "0" > $selinuxfs/enforce + /sbin/fixfiles restore > /dev/null 2>&1 + rm -f /.autorelabel + if [ ! -z "$REBOOTFLAG" ]; then + echo $"Automatic reboot in progress." + reboot -f + fi + echo $SELINUX_STATE > $selinuxfs/enforce + if [ -x /usr/bin/rhgb-client ] && /usr/bin/rhgb-client --ping ; then + chvt 8 + fi fi } @@ -306,8 +325,8 @@ if strstr "$cmdline" readonlyroot ; then [ -z "$RW_MOUNT" ] && RW_MOUNT=/var/lib/stateless/writable fi if [ "$READONLY" = "yes" -a -n "$SELINUX_STATE" ]; then - echo "SELinux is not compatible with read-only root at this time." - echo "Mounting read/write." + echo $"SELinux is not compatible with read-only root at this time." + echo $"Mounting read/write." READONLY=no fi |