diff options
| author | Bill Nottingham <notting@redhat.com> | 2004-03-17 17:58:19 +0000 |
|---|---|---|
| committer | Bill Nottingham <notting@redhat.com> | 2004-03-17 17:58:19 +0000 |
| commit | 2c2c0b9572f76dc5b9949848ea4422e5a69b1786 (patch) | |
| tree | da6369b2a10d2312a5c138f9e0a7fc5c4a575bd2 | |
| parent | 46706b01886b813bdad32db7ba53369cecae41cd (diff) | |
| download | initscripts-2c2c0b9572f76dc5b9949848ea4422e5a69b1786.tar initscripts-2c2c0b9572f76dc5b9949848ea4422e5a69b1786.tar.gz initscripts-2c2c0b9572f76dc5b9949848ea4422e5a69b1786.tar.bz2 initscripts-2c2c0b9572f76dc5b9949848ea4422e5a69b1786.tar.xz initscripts-2c2c0b9572f76dc5b9949848ea4422e5a69b1786.zip | |
disable enforcing in emergency mode for now, relabel some commonly
mislabeled files on boot
| -rwxr-xr-x | rc.d/rc.sysinit | 32 |
1 files changed, 31 insertions, 1 deletions
diff --git a/rc.d/rc.sysinit b/rc.d/rc.sysinit index 3cffe13f..30b135f6 100755 --- a/rc.d/rc.sysinit +++ b/rc.d/rc.sysinit @@ -18,7 +18,6 @@ HOSTTYPE=`uname -m` unamer=`uname -r` eval version=`echo $unamer | awk -F '.' '{ print "(" $1 " " $2 ")" }'` - if [ -f /etc/sysconfig/network ]; then . /etc/sysconfig/network fi @@ -30,6 +29,26 @@ fi mount -n -t proc /proc /proc mount -n -t sysfs /sys /sys >/dev/null 2>&1 +# Check SELinux status +selinuxfs=`awk '/ selinuxfs / { print $2 }' /proc/mounts` +SELINUX= +if [ -n "$selinuxfs" -a "`cat /proc/self/attr/current`" != "kernel" ]; then + if [ -r $selinuxfs/enforce ] ; then + SELINUX=`cat $selinuxfs/enforce` + else + # assume enforcing if you can't read it + SELINUX=1 + fi +fi + +disable_selinux() { + echo "*** Warning -- SELinux is active" + echo "*** Disabling security enforcement for system recovery." + echo "*** Run 'setenforce 1' to reenable." + echo "0" > $selinuxfs/enforce +} + + . /etc/init.d/functions if [ "$HOSTTYPE" != "s390" -a "$HOSTTYPE" != "s390x" ]; then @@ -294,6 +313,7 @@ if [ -z "$fastboot" -a "X$ROOTFSTYPE" != "Xnfs" -a "X$ROOTFSTYPE" != "Xnfs4" ]; str=$"(Repair filesystem)" PS1="$str \# # "; export PS1 + [ "$SELINUX" = "1" ] && disable_selinux sulogin echo $"Unmounting file systems" @@ -361,6 +381,7 @@ if [ -d /etc/lvm/ -a -x /sbin/lvm ]; then fi /bin/rm -f /dev/mapper/control echo "mkdmnod" | /sbin/nash --quiet >/dev/null 2>&1 + [ -n "$SELINUX" ] && restorecon /dev/mapper/control if [ -e /dev/mapper/control -a -x /sbin/lvm ]; then action $"Setting up Logical Volume Management:" /sbin/lvm vgscan --mknodes && /sbin/lvm vgchange -a y fi @@ -377,6 +398,13 @@ fi update_boot_stage RCswap action $"Activating swap partitions: " swapon -a -e +# Clean up SELinux labels +if [ -n "$SELINUX" ]; then + for file in /etc/mtab /etc/ld.so.cache ; do + [ -r $file ] && restorecon -v $file + done +fi + # Clear mtab > /etc/mtab @@ -504,6 +532,7 @@ if [ -f /etc/raidtab ]; then str=$"(RAID Repair)" PS1="$str \# # "; export PS1 + [ "$SELINUX" = "1" ] && disable_selinux sulogin echo $"Unmounting file systems" @@ -557,6 +586,7 @@ if [ -z "$fastboot" ]; then str=$"(Repair filesystem)" PS1="$str \# # "; export PS1 + [ "$SELINUX" = "1" ] && disable_selinux sulogin echo $"Unmounting file systems" |