authorJeremy Katz <katzj@redhat.com>2004-02-10 19:26:41 +0000
committerJeremy Katz <katzj@redhat.com>2004-02-10 19:26:41 +0000
commitaa848d39e856a406edaf6167627871b4d6728d5f (patch)
treed172e0800dfba67e5dcc77e9e25555e04cfd5dc9
parentd59cfe2fed0cc0cb8b8632cbec4ae03047f1b01c (diff)
load selinux policy from the loader
-rw-r--r--loader2/loader.c35
-rw-r--r--loader2/loader.h2
2 files changed, 36 insertions, 1 deletions
diff --git a/loader2/loader.c b/loader2/loader.c
index 3e63cf455..88de2b938 100644
--- a/loader2/loader.c
+++ b/loader2/loader.c
@@ -11,7 +11,7 @@
* Michael Fulbright <msf@redhat.com>
* Jeremy Katz <katzj@redhat.com>
*
- * Copyright 1997 - 2003 Red Hat, Inc.
+ * Copyright 1997 - 2004 Red Hat, Inc.
*
* This software may be freely redistributed under the terms of the GNU
* General Public License.
@@ -558,6 +558,8 @@ static int parseCmdLineFlags(int flags, struct loaderData_s * loaderData,
loaderData->ethtool = strdup(argv[i] + 8);
else if (!strncasecmp(argv[i], "allowcddma", 10))
flags |= LOADER_FLAGS_ENABLECDDMA;
+ else if (!strncasecmp(argv[i], "selinux=0", 9))
+ flags |= LOADER_FLAGS_NOSELINUX;
else if (numExtraArgs < (MAX_EXTRA_ARGS - 1)) {
/* go through and append args we just want to pass on to */
/* the anaconda script, but don't want to represent as a */
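Review bot: The new `selinux=0` test is a case-insensitive nine-character prefix match, so `SELINUX=0` or `selinux=01` also sets LOADER_FLAGS_NOSELINUX and skips the policy load in main(). If the kernel's own handling of this parameter is stricter (it is normally case-sensitive and parses the whole number), the loader could skip the policy load while SELinux stays enabled in the kernel. An exact comparison such as `else if (!strcmp(argv[i], "selinux=0"))` would keep the two in step. The if/else chain in parseCmdLineFlags starts and ends outside this hunk.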
@@ -1332,6 +1334,37 @@ int main(int argc, char ** argv) {
if (access("/tmp/updates", F_OK))
mkdirChain("/tmp/updates");
+ /* now load SELinux policy before exec'ing anaconda (unless we've
+ * specified not to */
+ if (!FL_NOSELINUX(flags)) {
+ char * fn;
+ int pid;
+
+ if (!access("/tmp/updates/policy.15", R_OK))
+ fn = strdup("/tmp/updates/policy.15");
+ else if (!access("/mnt/source/RHupdates/policy.15", R_OK))
+ fn = strdup("/mnt/source/RHupdates/policy.15");
+ else
+ fn = strdup("/mnt/runtime/etc/security/selinux/policy.15");
+
+ logMessage("Loading SELinux policy from %s", fn);
+ if (!(pid = fork())) {
+ setenv("LD_LIBRARY_PATH", LIBPATH, 1);
+ if (mount("/selinux", "/selinux", "selinuxfs", 0, NULL)) {
+ logMessage("failed to mount /selinux: %s", strerror(errno));
+ exit(1);
+ } else {
+ execl("/usr/sbin/load_policy",
+ "/usr/sbin/load_policy", fn, NULL);
+ logMessage("exec of load_policy failed: %s", strerror(errno));
+ exit(1);
+ }
+ }
+
+ waitpid(pid, NULL, 0);
+ free(fn);
+ }
+
logMessage("Running anaconda script %s", *(argptr-1));
*argptr++ = "-m";
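Review bot: The policy load fails open: in the block added to main(), the return of `fork()` is never checked for -1 and `waitpid(pid, NULL, 0)` discards the child's exit status, so a failed mount of /selinux, a failed exec, or a non-zero exit from load_policy leaves the installer starting anaconda with no policy loaded and nothing logged by the parent. With pid == -1 the waitpid call also waits for any child rather than this one. Separately, `fn` comes from `strdup()` without a NULL check and could simply be a `const char *` pointing at the literals, and the child should leave with `_exit(1)` rather than `exit(1)` so it does not run the parent's exit handlers or flush its stdio buffers. The fence below sketches the status handling; whether a failure should stop the install or only be logged is a decision for the maintainers. main() starts and ends outside this hunk.

```c
    int status;

    /* … unchanged: policy.15 path selection and the "Loading SELinux policy" log line … */

    pid = fork();
    if (pid < 0) {
        logMessage("fork for load_policy failed: %s", strerror(errno));
    } else if (pid == 0) {
        /* … unchanged: setenv, mount of /selinux, execl of load_policy … */
        _exit(1);
    } else if (waitpid(pid, &status, 0) < 0) {
        logMessage("waitpid for load_policy failed: %s", strerror(errno));
    } else if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) {
        logMessage("load_policy failed; SELinux policy was not loaded");
    }
```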
diff --git a/loader2/loader.h b/loader2/loader.h
index db005ab83..cd13ecaeb 100644
--- a/loader2/loader.h
+++ b/loader2/loader.h
@@ -34,6 +34,7 @@
#define LOADER_FLAGS_GRAPHICAL (1 << 29)
/* FIXME: this should go away */
#define LOADER_FLAGS_ENABLECDDMA (1 << 13)
+#define LOADER_FLAGS_NOSELINUX (1 << 14)
#define FL_TESTING(a) ((a) & LOADER_FLAGS_TESTING)
#define FL_EXPERT(a) ((a) & LOADER_FLAGS_EXPERT)
@@ -64,6 +65,7 @@
#define FL_CMDLINE(a) ((a) & LOADER_FLAGS_CMDLINE)
/* FIXME: this should go away */
#define FL_ENABLECDDMA(a) ((a) & LOADER_FLAGS_ENABLECDDMA)
+#define FL_NOSELINUX(a) ((a) & LOADER_FLAGS_NOSELINUX)
void startNewt(int flags);