Bug#929063: init: delegate selinux operation to separate binary

Thu May 16 13:44:20 BST 2019

On Thu, 16 May 2019, Dmitry Bogatov wrote:

> +	if (fork() == 0) { /* child */
	if ((ret = fork()) == 0) { /* child */
> +		execl(SELINUX_CHECK, SELINUX_CHECK, NULL);
> +		fprintf(stderr, "Failed to execute helper to init SELinux\n");
> +		exit(SELINUX_CHECK_HALT);
> +	}
	} else if (ret == -1) { /* fork failed */
		fprintf(stderr, "Failed to fork to execute helper to init SELinux\n");
		ret = SELINUX_CHECK_HALT;
	} else { /* parent */
+		wait(&wstatus);
+		ret = WIFEXITED(wstatus) ? WEXITSTATUS(wstatus) : SELINUX_CHECK_HALT;
	}
> +	switch (ret) {
> +		case SELINUX_CHECK_CONTINUE: return;
[...]