}
#endif
-int selinux_setup(bool *loaded_policy) {
+int mac_selinux_setup(bool *loaded_policy) {
#ifdef HAVE_SELINUX
int enforce = 0;
security_context_t con;
int r;
union selinux_callback cb;
+ bool initialized = false;
assert(loaded_policy);
/* Already initialized by somebody else? */
r = getcon_raw(&con);
if (r == 0) {
- bool initialized;
-
initialized = !streq(con, "kernel");
freecon(con);
-
- if (initialized)
- return 0;
}
/* Make sure we have no fds open while loading the policy and
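Review bot: The retained comment `/* Already initialized by somebody else? */` no longer describes the code under it, because the early `return 0` is gone and `initialized` is now only recorded for use further down. I would replace it with something like `/* Note whether a policy is already active; we still attempt a load below, and this flag only decides whether a failed load is fatal */`. It is also worth stating in that comment that a failing `getcon_raw()` leaves `initialized` false, so the later failure path takes the strict branch; that looks intentional but is not obvious from the code. The function body continues outside this hunk.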
char timespan[FORMAT_TIMESPAN_MAX];
char *label;
- retest_selinux();
+ mac_selinux_retest();
/* Transition to the new context */
- r = label_get_create_label_from_exe(SYSTEMD_BINARY_PATH, &label);
+ r = mac_selinux_get_create_label_from_exe(SYSTEMD_BINARY_PATH, &label);
if (r < 0 || label == NULL) {
log_open();
log_error("Failed to compute init label, ignoring.");
if (r < 0)
log_error("Failed to transition into init label '%s', ignoring.", label);
- label_free(label);
+ mac_selinux_free(label);
}
after_load = now(CLOCK_MONOTONIC);
log_open();
if (enforce > 0) {
- log_error("Failed to load SELinux policy. Freezing.");
- return -EIO;
+ if (!initialized) {
+ log_emergency("Failed to load SELinux policy.");
+ return -EIO;
+ }
+
+ log_warning("Failed to load new SELinux policy. Continuing with old policy.");
} else
log_debug("Unable to load SELinux policy. Ignoring.");
}
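Review bot: In the `enforce > 0` branch, the new `log_warning` path lets an enforcing system carry on under whatever policy was loaded earlier, and nothing here records why that is safe or which policy is now in effect. A short comment above the `if (!initialized)` check should state the reasoning, for example `/* A policy is already enforced, so keep it rather than halt; only a system with no policy at all must stop here */`. Because this is the only trace an operator gets that the intended policy is not the one running, I would log it at error level, `log_error("Failed to load new SELinux policy. Continuing with old policy.");`, so it is not filtered out with routine warnings. The load call and the function's return path are outside this hunk, so whether `*loaded_policy` is left untouched on this path should be checked against what callers expect.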