author | Jeremy Katz <katzj@redhat.com> | 2004-02-10 19:26:41 +0000 |
---|---|---|
committer | Jeremy Katz <katzj@redhat.com> | 2004-02-10 19:26:41 +0000 |
commit | aa848d39e856a406edaf6167627871b4d6728d5f (patch) | |
tree | d172e0800dfba67e5dcc77e9e25555e04cfd5dc9 | |
parent | d59cfe2fed0cc0cb8b8632cbec4ae03047f1b01c (diff) | |
load selinux policy from the loader
-rw-r--r-- | loader2/loader.c | 35 | ||||
-rw-r--r-- | loader2/loader.h | 2 |
2 files changed, 36 insertions, 1 deletions
diff --git a/loader2/loader.c b/loader2/loader.c
index 3e63cf455..88de2b938 100644
--- a/loader2/loader.c
+++ b/loader2/loader.c
@@ -11,7 +11,7 @@
 * Michael Fulbright <msf@redhat.com>
 * Jeremy Katz <katzj@redhat.com>
 *
- * Copyright 1997 - 2003 Red Hat, Inc.
+ * Copyright 1997 - 2004 Red Hat, Inc.
 *
 * This software may be freely redistributed under the terms of the GNU
 * General Public License.
@@ -558,6 +558,8 @@ static int parseCmdLineFlags(int flags, struct loaderData_s * loaderData,
 loaderData->ethtool = strdup(argv[i] + 8);
 else if (!strncasecmp(argv[i], "allowcddma", 10))
 flags |= LOADER_FLAGS_ENABLECDDMA;
+ else if (!strncasecmp(argv[i], "selinux=0", 9))
+ flags |= LOADER_FLAGS_NOSELINUX;
 else if (numExtraArgs < (MAX_EXTRA_ARGS - 1)) {
 /* go through and append args we just want to pass on to */
 /* the anaconda script, but don't want to represent as a */
@@ -1332,6 +1334,37 @@ int main(int argc, char ** argv) {
 if (access("/tmp/updates", F_OK))
 mkdirChain("/tmp/updates");
+ /* now load SELinux policy before exec'ing anaconda (unless we've
+ * specified not to */
+ if (!FL_NOSELINUX(flags)) {
+ char * fn;
+ int pid;
+
+ if (!access("/tmp/updates/policy.15", R_OK))
+ fn = strdup("/tmp/updates/policy.15");
+ else if (!access("/mnt/source/RHupdates/policy.15", R_OK))
+ fn = strdup("/mnt/source/RHupdates/policy.15");
+ else
+ fn = strdup("/mnt/runtime/etc/security/selinux/policy.15");
+
+ logMessage("Loading SELinux policy from %s", fn);
+ if (!(pid = fork())) {
+ setenv("LD_LIBRARY_PATH", LIBPATH, 1);
+ if (mount("/selinux", "/selinux", "selinuxfs", 0, NULL)) {
+ logMessage("failed to mount /selinux: %s", strerror(errno));
+ exit(1);
+ } else {
+ execl("/usr/sbin/load_policy",
+ "/usr/sbin/load_policy", fn, NULL);
+ logMessage("exec of load_policy failed: %s", strerror(errno));
+ exit(1);
+ }
+ }
+
+ waitpid(pid, NULL, 0);
+ free(fn);
+ }
+
 logMessage("Running anaconda script %s", *(argptr-1));
 *argptr++ = "-m";
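Review bot: The new `selinux=0` test in parseCmdLineFlags is a nine-character, case-insensitive prefix match, so any argument that merely begins with that text (for example `selinux=01`) also sets LOADER_FLAGS_NOSELINUX and skips the policy load. Because this flag switches a security control off, an exact comparison is the safer form: `else if (!strcasecmp(argv[i], "selinux=0"))`. The branch also sits ahead of the extra-args branch in the else-if chain, so the argument appears not to be forwarded to the anaconda script; if the installer needs to know that no policy was loaded, that would have to be passed on separately. parseCmdLineFlags starts and ends outside this hunk.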
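Review bot: The policy-loading block added to main() fails open, because neither a fork() error nor the child's exit status is checked. When fork() returns -1 the parent falls through to `waitpid(-1, NULL, 0)`, which waits for any child, and a failed mount of /selinux or a failed load_policy still lets anaconda start with no policy loaded and nothing logged by the parent. The parent should test `pid < 0`, collect the status from waitpid() and at least log a non-zero or abnormal exit. `fn` only ever holds one of three string literals, so the unchecked strdup()/free() pair can become a plain `const char *`. main() starts and ends outside this hunk.

```c
    const char * fn;
    int pid, status;

    /* … unchanged: choose policy.15 from /tmp/updates, RHupdates or the runtime (assigning the literals directly) … */

    logMessage("Loading SELinux policy from %s", fn);
    pid = fork();
    if (pid < 0) {
        logMessage("fork for load_policy failed: %s", strerror(errno));
    } else if (pid == 0) {
        /* … unchanged: setenv, mount /selinux, execl load_policy … */
    } else if (waitpid(pid, &status, 0) < 0 ||
               !WIFEXITED(status) || WEXITSTATUS(status) != 0) {
        logMessage("SELinux policy load failed; continuing without policy");
    }
```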
diff --git a/loader2/loader.h b/loader2/loader.h
index db005ab83..cd13ecaeb 100644
--- a/loader2/loader.h
+++ b/loader2/loader.h
@@ -34,6 +34,7 @@
 #define LOADER_FLAGS_GRAPHICAL (1 << 29)
 /* FIXME: this should go away */
 #define LOADER_FLAGS_ENABLECDDMA (1 << 13)
+#define LOADER_FLAGS_NOSELINUX (1 << 14)
 #define FL_TESTING(a) ((a) & LOADER_FLAGS_TESTING)
 #define FL_EXPERT(a) ((a) & LOADER_FLAGS_EXPERT)
@@ -64,6 +65,7 @@
 #define FL_CMDLINE(a) ((a) & LOADER_FLAGS_CMDLINE)
 /* FIXME: this should go away */
 #define FL_ENABLECDDMA(a) ((a) & LOADER_FLAGS_ENABLECDDMA)
+#define FL_NOSELINUX(a) ((a) & LOADER_FLAGS_NOSELINUX)
 void startNewt(int flags); |