localectl: fix localectl set-x11-keymap syntax description
[elogind.git]
/
src
/
core
/
selinux-setup.c
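--- a/src/core/selinux-setup.c
+++ b/src/core/selinux-setup.c
@@ -43,7 +43,7 @@ static int null_log(int type, const char *fmt, ...) {
 }
 #endif
-int selinux_setup(bool *loaded_policy) {
+int mac_selinux_setup(bool *loaded_policy) {
 #ifdef HAVE_SELINUX
 int enforce = 0;
@@ -51,6 +51,7 @@ int selinux_setup(bool *loaded_policy) {
 security_context_t con;
 int r;
 union selinux_callback cb;
+ bool initialized = false;
 assert(loaded_policy);
@@ -68,13 +69,8 @@ int selinux_setup(bool *loaded_policy) {
 /* Already initialized by somebody else? */
 r = getcon_raw(&con);
 if (r == 0) {
- bool initialized;
-
 initialized = !streq(con, "kernel");
 freecon(con);
-
- if (initialized)
- return 0;
 }
 /* Make sure we have no fds open while loading the policy and
@@ -88,10 +84,10 @@ int selinux_setup(bool *loaded_policy) {
 char timespan[FORMAT_TIMESPAN_MAX];
 char *label;
- retest_selinux();
+ mac_selinux_retest();
 /* Transition to the new context */
- r = label_get_create_label_from_exe(SYSTEMD_BINARY_PATH, &label);
+ r = mac_selinux_get_create_label_from_exe(SYSTEMD_BINARY_PATH, &label);
 if (r < 0 || label == NULL) {
 log_open();
 log_error("Failed to compute init label, ignoring.");
@@ -102,7 +98,7 @@ int selinux_setup(bool *loaded_policy) {
 if (r < 0)
 log_error("Failed to transition into init label '%s', ignoring.", label);
- label_free(label);
+ mac_selinux_free(label);
 }
 after_load = now(CLOCK_MONOTONIC);
@@ -116,8 +112,12 @@ int selinux_setup(bool *loaded_policy) {
 log_open();
 if (enforce > 0) {
- log_error("Failed to load SELinux policy. Freezing.");
- return -EIO;
+ if (!initialized) {
+ log_error("Failed to load SELinux policy. Freezing.");
+ return -EIO;
+ }
+
+ log_warning("Failed to load new SELinux policy. Continuing with old policy.");
 } else
 log_debug("Unable to load SELinux policy. Ignoring.");
 }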
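Review bot: In the last hunk, the enforcing-mode branch for an already-initialized system only logs `Failed to load new SELinux policy. Continuing with old policy.` and carries on, so a failed reload leaves the earlier policy in force with no cause recorded. Because that is a security-relevant degradation, the warning should state why the load failed (the hunk does not show whether an error code is still available at that point) so that operators can alert on it. A comment above the branch would also help, for example `/* A policy is already loaded, so enforcement stays active; only a failed first load must freeze. */`. The comment `/* Already initialized by somebody else? */` kept in the third hunk no longer matches the code, since `initialized` no longer triggers an early return and is read only on this failure path. mac_selinux_setup() begins and ends outside the hunks shown.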