From a2929f90ff24a65042b282601d3fe0d9e591eadc Mon Sep 17 00:00:00 2001 From: Harald Hoyer Date: Wed, 19 May 2010 10:01:33 +0200 Subject: [PATCH] selinux-loadpolicy.sh: exit for "selinux=0" --- modules.d/99base/selinux-loadpolicy.sh | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/modules.d/99base/selinux-loadpolicy.sh b/modules.d/99base/selinux-loadpolicy.sh index 93d6f2c..7db9f8c 100755 --- a/modules.d/99base/selinux-loadpolicy.sh +++ b/modules.d/99base/selinux-loadpolicy.sh @@ -3,20 +3,15 @@ rd_load_policy() { + # If SELinux is disabled exit now + getarg "selinux=0" > /dev/null && return 0 SELINUX="enforcing" [ -e "$NEWROOT/etc/selinux/config" ] && . "$NEWROOT/etc/selinux/config" - disabled=0 - # If SELinux is disabled exit now - getarg "selinux=0" > /dev/null - if [ $? -eq 0 -o "$SELINUX" = "disabled" ]; then - disabled=1 - fi - # Check whether SELinux is in permissive mode permissive=0 - getarg "enforcing=0" > /dev/null + getarg "enforcing=0" > /dev/null if [ $? -eq 0 -o "$SELINUX" = "permissive" ]; then permissive=1 fi @@ -37,13 +32,15 @@ rd_load_policy() fi } 2>&1 | vinfo - if [ $disabled -eq 1 ]; then + if [ "$SELINUX" = "disabled" ]; then return 0; fi if [ $ret -eq 0 -o $ret -eq 2 ]; then # If machine requires a relabel, force to permissive mode [ -e "$NEWROOT"/.autorelabel ] && ( echo 0 > "$NEWROOT"/selinux/enforce ) + mount --bind /dev "$NEWROOT/dev" + chroot "$NEWROOT" /sbin/restorecon -R /dev return 0 fi @@ -55,7 +52,7 @@ rd_load_policy() exit 1 fi return 0 - elif [ $permissive -eq 0 -a $disabled -eq 0 ]; then + elif [ $permissive -eq 0 -a "$SELINUX" != "disabled" ]; then warn "Machine in enforcing mode and cannot execute load_policy." warn "To disable selinux, add selinux=0 to the kernel command line." warn "Not continuing" -- 2.7.4