From f6b18247155df53e10d42472eb95d519565eb560 Mon Sep 17 00:00:00 2001
From: Bill Nottingham <notting@redhat.com>
Date: Thu, 3 Jun 2010 16:38:18 -0400
Subject: Always reboot on autorelabel. (#595823)

It's not just init that could be mislabeled and cause problems;
there's udev, random other command from rc.sysinit, etc. Furthermore,
this avoids a problem with ending up in permissive mode.
---
 rc.d/rc.sysinit | 28 +++++++++-------------------
 1 file changed, 9 insertions(+), 19 deletions(-)

(limited to 'rc.d')

diff --git a/rc.d/rc.sysinit b/rc.d/rc.sysinit
index 03490a1e..55b5b435 100755
--- a/rc.d/rc.sysinit
+++ b/rc.d/rc.sysinit
@@ -56,43 +56,33 @@ disable_selinux() {
 relabel_selinux() {
     # if /sbin/init is not labeled correctly this process is running in the
     # wrong context, so a reboot will be required after relabel
-    REBOOTFLAG=$(restorecon -v /sbin/init)
     AUTORELABEL=
     . /etc/selinux/config
-    if [ "$AUTORELABEL" = "0" ]; then
-	rm -f  /.autorelabel
+    echo "0" > /selinux/enforce
+    [ -n "$PLYMOUTH" ] && plymouth --hide-splash
 
-	[ -n "$PLYMOUTH" ] && plymouth --hide-splash
+    if [ "$AUTORELABEL" = "0" ]; then
 	echo
 	echo $"*** Warning -- SELinux ${SELINUXTYPE} policy relabel is required. "
 	echo $"*** /etc/selinux/config indicates you want to manually fix labeling"
 	echo $"*** problems. Dropping you to a shell; the system will reboot"
 	echo $"*** when you leave the shell."
-	echo "0" > /selinux/enforce
 	sulogin
 
-	echo $"Unmounting file systems"
-	umount -a
-	mount -n -o remount,ro /
-	echo $"Automatic reboot in progress."
-	reboot -f
     else
-	[ -n "$PLYMOUTH" ] && plymouth --hide-splash
 	echo
 	echo $"*** Warning -- SELinux ${SELINUXTYPE} policy relabel is required."
 	echo $"*** Relabeling could take a very long time, depending on file"
 	echo $"*** system size and speed of hard drives."
 
-	echo "0" > /selinux/enforce
 	/sbin/fixfiles -F restore > /dev/null 2>&1
-	rm -f  /.autorelabel
-	if [ ! -z "$REBOOTFLAG" ]; then
-	    echo $"Automatic reboot in progress."
-	    reboot -f
-	fi
-	echo $SELINUX_STATE > /selinux/enforce
-	[ -n "$PLYMOUTH" ] && plymouth --show-splash
     fi
+    rm -f  /.autorelabel
+    echo $"Unmounting file systems"
+    umount -a
+    mount -n -o remount,ro /
+    echo $"Automatic reboot in progress."
+    reboot -f
 }
 
 key_is_random() {
-- 
cgit v1.2.1