X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Fcore%2Fselinux-setup.c;h=25e22b6c777431f84370453935a8c5bc8ebc1f2a;hb=609c3029076da1ba423673161e5d0fc82ccca6b6;hp=6d8bc899652a7897a1941ef03d20ca33749daae3;hpb=4ab72d6fb499c2b4d8baced9fa94a8bbfa5a4b3d;p=elogind.git
diff --git a/src/core/selinux-setup.c b/src/core/selinux-setup.c
index 6d8bc8996..25e22b6c7 100644
--- a/src/core/selinux-setup.c
+++ b/src/core/selinux-setup.c
@@ -43,7 +43,7 @@ static int null_log(int type, const char *fmt, ...) { } #endif -int selinux_setup(bool *loaded_policy) { +int mac_selinux_setup(bool *loaded_policy) { #ifdef HAVE_SELINUX int enforce = 0;
@@ -51,6 +51,7 @@ int selinux_setup(bool *loaded_policy) { security_context_t con; int r; union selinux_callback cb; + bool initialized = false; assert(loaded_policy);
@@ -68,13 +69,8 @@ int selinux_setup(bool *loaded_policy) { /* Already initialized by somebody else? */ r = getcon_raw(&con); if (r == 0) { - bool initialized; - initialized = !streq(con, "kernel"); freecon(con); - - if (initialized) - return 0; } /* Make sure we have no fds open while loading the policy and
@@ -88,10 +84,10 @@ int selinux_setup(bool *loaded_policy) { char timespan[FORMAT_TIMESPAN_MAX]; char *label; - retest_selinux(); + mac_selinux_retest(); /* Transition to the new context */ - r = label_get_create_label_from_exe(SYSTEMD_BINARY_PATH, &label); + r = mac_selinux_get_create_label_from_exe(SYSTEMD_BINARY_PATH, &label); if (r < 0 || label == NULL) { log_open(); log_error("Failed to compute init label, ignoring."); @@ -102,7 +98,7 @@ int selinux_setup(bool *loaded_policy) { if (r < 0) log_error("Failed to transition into init label '%s', ignoring.", label); - label_free(label); + mac_selinux_free(label); } after_load = now(CLOCK_MONOTONIC);
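Review bot: In the `@@ -68,13 +69,8 @@` hunk, `initialized` silently stays `false` when `getcon_raw()` fails, and the kept comment "Already initialized by somebody else?" still reads as if an early return followed. The flag is now only consulted in the last hunk, where it selects between freezing and continuing after a failed policy load in enforcing mode, so this fail-closed default should be stated rather than left implicit. I would replace the comment with `/* Was a policy already loaded by somebody else? We reload either way; this only decides how a failed load is handled. If getcon_raw() fails, assume no policy is loaded. */`. The function body starts before and continues after this hunk.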
@@ -116,8 +112,12 @@ int selinux_setup(bool *loaded_policy) { log_open(); if (enforce > 0) { - log_error("Failed to load SELinux policy. Freezing."); - return -EIO; + if (!initialized) { + log_error("Failed to load SELinux policy. Freezing."); + return -EIO; + } + + log_warning("Failed to load new SELinux policy. Continuing with old policy."); } else log_debug("Unable to load SELinux policy. Ignoring."); }
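Review bot: The new `log_warning()` branch lets an enforcing system keep running under the previously loaded policy without saying why that is acceptable, and the decision rests entirely on the `!streq(con, "kernel")` test made earlier in the function. A short comment above the warning would make the intent reviewable, e.g. `/* A previously loaded policy is still in force, so keep running under it instead of freezing. */`. Because the policy that stays active may differ from the one that was meant to be loaded, consider adding the failure reason to the message so the event can be found and triaged from the logs; whether `errno` is still meaningful at this point is not visible in the hunk. The enclosing function starts outside this hunk.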