aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBill Nottingham <notting@redhat.com>2006-05-25 20:53:09 +0000
committerBill Nottingham <notting@redhat.com>2006-05-25 20:53:09 +0000
commit2baf49b47a4c9247b9f08af52c1bee10e99923c9 (patch)
treecd2703be3b943bbc0f3bebc18740f28b554150f0
parentb0f47a77d1ee3223f55e40e9da2d6d290ae046c7 (diff)
downloadinitscripts-2baf49b47a4c9247b9f08af52c1bee10e99923c9.tar
initscripts-2baf49b47a4c9247b9f08af52c1bee10e99923c9.tar.gz
initscripts-2baf49b47a4c9247b9f08af52c1bee10e99923c9.tar.bz2
initscripts-2baf49b47a4c9247b9f08af52c1bee10e99923c9.tar.xz
initscripts-2baf49b47a4c9247b9f08af52c1bee10e99923c9.zip
allow for sulogin instead of automatic relabeling (<dwalsh@redhat.com>)
-rwxr-xr-xrc.d/rc.sysinit59
1 files changed, 39 insertions, 20 deletions
diff --git a/rc.d/rc.sysinit b/rc.d/rc.sysinit
index 9e73cc27..7451c528 100755
--- a/rc.d/rc.sysinit
+++ b/rc.d/rc.sysinit
@@ -45,9 +45,9 @@ if [ -n "$SELINUX_STATE" -a -x /sbin/restorecon ] && LC_ALL=C fgrep -q " /dev "
fi
disable_selinux() {
- echo "*** Warning -- SELinux is active"
- echo "*** Disabling security enforcement for system recovery."
- echo "*** Run 'setenforce 1' to reenable."
+ echo $"*** Warning -- SELinux is active"
+ echo $"*** Disabling security enforcement for system recovery."
+ echo $"*** Run 'setenforce 1' to reenable."
echo "0" > "$selinuxfs/enforce"
}
@@ -58,22 +58,41 @@ relabel_selinux() {
# if /sbin/init is not labeled correctly this process is running in the
# wrong context, so a reboot will be reuired after relabel
REBOOTFLAG=`restorecon -v /sbin/init`
+ AUTORELABEL=
. /etc/selinux/config
- echo "
- *** Warning -- SELinux ${SELINUXTYPE} policy relabel is required. ***
- *** Relabelling could take a very long time, depending on file ***
- *** system size and speed of hard drives. ***
- "
- echo "0" > "$selinuxfs/enforce"
- /sbin/fixfiles restore > /dev/null 2>&1
- rm -f /.autorelabel
- if [ ! -z "$REBOOTFLAG" ]; then
- echo $"Automatic reboot in progress."
- reboot -f
- fi
- echo $SELINUX_STATE > "$selinuxfs/enforce"
- if [ -x /usr/bin/rhgb-client ] && /usr/bin/rhgb-client --ping ; then
- chvt 8
+ if [ "$AUTORELABEL" = "0" ]; then
+ rm -f /.autorelabel
+
+ echo
+ echo $"*** Warning -- SELinux ${SELINUXTYPE} policy relabel is required. "
+ echo $"*** /etc/selinux/config indicates you want to manually fix labeling"
+ echo $"*** problems. Dropping you to a shell; the system will reboot"
+ echo $"*** when you leave the shell."
+ echo "0" > $selinuxfs/enforce
+ sulogin
+
+ echo $"Unmounting file systems"
+ umount -a
+ mount -n -o remount,ro /
+ echo $"Automatic reboot in progress."
+ reboot -f
+ else
+ echo
+ echo $"*** Warning -- SELinux ${SELINUXTYPE} policy relabel is required."
+ echo $"*** Relabelling could take a very long time, depending on file"
+ echo $"*** system size and speed of hard drives."
+
+ echo "0" > $selinuxfs/enforce
+ /sbin/fixfiles restore > /dev/null 2>&1
+ rm -f /.autorelabel
+ if [ ! -z "$REBOOTFLAG" ]; then
+ echo $"Automatic reboot in progress."
+ reboot -f
+ fi
+ echo $SELINUX_STATE > $selinuxfs/enforce
+ if [ -x /usr/bin/rhgb-client ] && /usr/bin/rhgb-client --ping ; then
+ chvt 8
+ fi
fi
}
@@ -306,8 +325,8 @@ if strstr "$cmdline" readonlyroot ; then
[ -z "$RW_MOUNT" ] && RW_MOUNT=/var/lib/stateless/writable
fi
if [ "$READONLY" = "yes" -a -n "$SELINUX_STATE" ]; then
- echo "SELinux is not compatible with read-only root at this time."
- echo "Mounting read/write."
+ echo $"SELinux is not compatible with read-only root at this time."
+ echo $"Mounting read/write."
READONLY=no
fi