load selinux policy before we start the shell on tty2. we lose the ability

to put policy updates in an updates.img, but it means that the shell is
somewhat sane

1 files changed, 14 insertions, 14 deletions

diff --git a/loader2/loader.c b/loader2/loader.c
index f2e47f4c9..40250f42f 100644
--- a/loader2/loader.c
+++ b/loader2/loader.c
@@ -1256,6 +1256,20 @@ int main(int argc, char ** argv) {
         migrate_runtime_directory("/lib64");
     }
 
+    /* now load SELinux policy before exec'ing anaconda and the shell
+     * (if we're using SELinux) */
+    if (FL_SELINUX(flags)) {
+        if (mount("/selinux", "/selinux", "selinuxfs", 0, NULL)) {
+            logMessage("failed to mount /selinux: %s", strerror(errno));
+        } else {
+            if (loadpolicy() == 0) {
+                setexeccon(ANACONDA_CONTEXT);
+            } else {
+                flags &= ~LOADER_FLAGS_SELINUX;
+            }
+        }
+    }
+
     logMessage("getting ready to spawn shell now");
     
     spawnShell(flags);  /* we can attach gdb now :-) */
@@ -1348,20 +1362,6 @@ int main(int argc, char ** argv) {
     if (access("/tmp/updates", F_OK))
 	mkdirChain("/tmp/updates");
 
-    /* now load SELinux policy before exec'ing anaconda (unless we've
-     * specified not to */
-    if (FL_SELINUX(flags)) {
-        if (mount("/selinux", "/selinux", "selinuxfs", 0, NULL)) {
-            logMessage("failed to mount /selinux: %s", strerror(errno));
-        } else {
-            if (loadpolicy() == 0) {
-                setexeccon(ANACONDA_CONTEXT);
-            } else {
-                flags &= ~LOADER_FLAGS_SELINUX;
-            }
-        }
-    }
-
     logMessage("Running anaconda script %s", *(argptr-1));
     
     *argptr++ = "-m";