author | Jeremy Katz <katzj@redhat.com> | 2005-10-07 17:54:02 +0000 |
---|---|---|
committer | Jeremy Katz <katzj@redhat.com> | 2005-10-07 17:54:02 +0000 |
commit | 254c327bbf157e433a32050bdd1871356155323d (patch) | |
tree | 32b54a015a1c0a3e361b77fb848498ab5b42b400 | |
parent | 8c15b586180e8fe495c93115f4c679d516b5f6b2 (diff) | |
2005-10-07 Jeremy Katz <katzj@redhat.com>
* loader2/selinux.c (loadpolicy): load_policy changed how it
works, let's try to keep it happy if we can instead of having to
implement it ourselves.
* scripts/upd-instroot (SELINUX): Create an selinux config.
-rw-r--r-- | ChangeLog | 8 | ||||
-rw-r--r-- | loader2/selinux.c | 69 | ||||
-rwxr-xr-x | scripts/upd-instroot | 8 |
3 files changed, 23 insertions, 62 deletions
@@ -1,3 +1,11 @@ +2005-10-07 Jeremy Katz <katzj@redhat.com> + + * loader2/selinux.c (loadpolicy): load_policy changed how it + works, let's try to keep it happy if we can instead of having to + implement it ourselves. + + * scripts/upd-instroot (SELINUX): Create an selinux config. + 2005-10-07 Chris Lumens <clumens@redhat.com> * anaconda: Use rhpxl instead of rhpl for X configuration. diff --git a/loader2/selinux.c b/loader2/selinux.c index 33a861b27..313bc7d0b 100644 --- a/loader2/selinux.c +++ b/loader2/selinux.c 
@@ -28,81 +28,26 @@ #include "loadermisc.h" #include "log.h" -static char * getpolicyver() { - int fd; - char * buf; - - fd = open("/selinux/policyvers", O_RDONLY); - if (fd == -1) { - return NULL; - } - - buf = malloc(32); - buf = memset(buf, 0, 32); - if ((read(fd, buf, 32)) == -1) { - logMessage(ERROR, "error getting policy version: %s", strerror(errno)); - free(buf); - close(fd); - return NULL; - } - - close(fd); - return buf; -} - int loadpolicy() { - char * ver, * fn, * bfn; - char *paths[] = { "/tmp/updates", - "/mnt/source/RHupdates", - "/mnt/runtime/etc/selinux/targeted/policy", - "/mnt/runtime/etc/security/selinux", - NULL }; - char *bpaths[] = { "/tmp/updates", - "/mnt/source/RHupdates", - "/mnt/runtime/etc/selinux/targeted", - "/mnt/runtime/etc/security/selinux", - NULL }; - int i, pid, status; + int pid, status; - ver = getpolicyver(); - if (ver == NULL) { - return -1; - } - - fn = malloc(128); - fn = memset(fn, 0, 128); - for (i = 0; paths[i]; i++) { - snprintf(fn, 128, "%s/policy.%s", (char *) paths[i], ver); - if (!access(fn, R_OK)) { - break; - } - } + logMessage(INFO, "Loading SELinux policy"); - bfn = malloc(128); - bfn = memset(bfn, 0, 128); - for (i = 0; paths[i]; i++) { - snprintf(bfn, 128, "%s/booleans", (char *) bpaths[i]); - if (!access(bfn, R_OK)) { - break; - } - } - - if (access(fn, R_OK) || access(bfn, R_OK)) { - logMessage(ERROR, "Unable to load suitable SELinux policy"); - return -1; + if (symlink("/mnt/runtime/etc/selinux", "/etc/selinux") == -1) { + logMessage(ERROR, "unable to create /etc/selinux symlink: %s", + strerror(errno)); + return 1; } - logMessage(INFO, "Loading SELinux policy from %s", fn); if (!(pid = fork())) { setenv("LD_LIBRARY_PATH", LIBPATH, 1); execl("/usr/sbin/load_policy", - "/usr/sbin/load_policy", "-q", "-b", fn, bfn, NULL); + "/usr/sbin/load_policy", "-q", "-b", NULL); logMessage(ERROR, "exec of load_policy failed: %s", strerror(errno)); exit(1); } waitpid(pid, &status, 0); - free(fn); if (WIFEXITED(status) && 
(WEXITSTATUS(status) != 0)) return 1; diff --git a/scripts/upd-instroot b/scripts/upd-instroot index 09c2af638..240c3a774 100755 --- a/scripts/upd-instroot +++ b/scripts/upd-instroot @@ -959,6 +959,14 @@ ln -fs jmacs $DESTGR/usr/bin/emacs ln -fs jpico $DESTGR/usr/bin/pico ln -fs jpico $DESTGR/usr/bin/nano +# create selinux config +if [ -e $DEST/etc/selinux/targeted ]; then + cat > $DEST/etc/selinux/config <<EOF +SELINUX=permissive +SELINUXTYPE=targeted +EOF +cp $DEST/etc/selinux/config $DESTGR/etc/selinux/config + echo "Creating nsswitch.conf" cat > $DEST/etc/nsswitch.conf <<EOF # munged nsswitch.conf with just what anaconda needs |
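Review bot: The new `symlink("/mnt/runtime/etc/selinux", "/etc/selinux")` call in loadpolicy() treats every failure as fatal, so if `/etc/selinux` already exists (for example if loadpolicy() is reached a second time) it fails with EEXIST and no policy is loaded. Consider accepting that one case, `if (symlink(...) == -1 && errno != EEXIST) {`, but only after a `readlink()` check confirms the existing entry points at `/mnt/runtime/etc/selinux`. That check matters because `load_policy -q -b` is now run without explicit paths, so which policy gets loaded depends on what `/etc/selinux` resolves to. Separately, the unchanged check after `waitpid()` only tests `WIFEXITED`, so a load_policy killed by a signal would appear to be treated as success; the function body continues past the end of the hunk, so confirm against the rest of it.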
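Review bot: The added `if [ -e $DEST/etc/selinux/targeted ]; then` block is never closed: the eight added lines end with the `cp` and a blank line, and there is no `fi` before the context line `echo "Creating nsswitch.conf"`. Unless a matching `fi` exists outside the hunk, the script either fails to parse or the rest of the image build becomes conditional on the targeted policy being present; add `fi` after the `cp` line. The `cp` also assumes `$DESTGR/etc/selinux` already exists and leaves its expansions unquoted, so `mkdir -p "$DESTGR/etc/selinux"` followed by `cp "$DEST/etc/selinux/config" "$DESTGR/etc/selinux/config"` would be more robust. A one-line comment stating that `SELINUX=permissive` is intentional for the installer image would tell readers why enforcement is off here.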