authorJeremy Katz <katzj@redhat.com>2005-10-07 17:54:02 +0000
committerJeremy Katz <katzj@redhat.com>2005-10-07 17:54:02 +0000
commit254c327bbf157e433a32050bdd1871356155323d (patch)
tree32b54a015a1c0a3e361b77fb848498ab5b42b400
parent8c15b586180e8fe495c93115f4c679d516b5f6b2 (diff)
2005-10-07 Jeremy Katz <katzj@redhat.com>
* loader2/selinux.c (loadpolicy): load_policy changed how it works, let's try to keep it happy if we can instead of having to implement it ourselves. * scripts/upd-instroot (SELINUX): Create an selinux config.
-rw-r--r--ChangeLog8
-rw-r--r--loader2/selinux.c69
-rwxr-xr-xscripts/upd-instroot8
3 files changed, 23 insertions, 62 deletions
diff --git a/ChangeLog b/ChangeLog
index 28737f81f..39c9ec1ae 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,11 @@
+2005-10-07 Jeremy Katz <katzj@redhat.com>
+
+ * loader2/selinux.c (loadpolicy): load_policy changed how it
+ works, let's try to keep it happy if we can instead of having to
+ implement it ourselves.
+
+ * scripts/upd-instroot (SELINUX): Create an selinux config.
+
2005-10-07 Chris Lumens <clumens@redhat.com>
* anaconda: Use rhpxl instead of rhpl for X configuration.
diff --git a/loader2/selinux.c b/loader2/selinux.c
index 33a861b27..313bc7d0b 100644
--- a/loader2/selinux.c
+++ b/loader2/selinux.c
@@ -28,81 +28,26 @@
#include "loadermisc.h"
#include "log.h"
-static char * getpolicyver() {
- int fd;
- char * buf;
-
- fd = open("/selinux/policyvers", O_RDONLY);
- if (fd == -1) {
- return NULL;
- }
-
- buf = malloc(32);
- buf = memset(buf, 0, 32);
- if ((read(fd, buf, 32)) == -1) {
- logMessage(ERROR, "error getting policy version: %s", strerror(errno));
- free(buf);
- close(fd);
- return NULL;
- }
-
- close(fd);
- return buf;
-}
-
int loadpolicy() {
- char * ver, * fn, * bfn;
- char *paths[] = { "/tmp/updates",
- "/mnt/source/RHupdates",
- "/mnt/runtime/etc/selinux/targeted/policy",
- "/mnt/runtime/etc/security/selinux",
- NULL };
- char *bpaths[] = { "/tmp/updates",
- "/mnt/source/RHupdates",
- "/mnt/runtime/etc/selinux/targeted",
- "/mnt/runtime/etc/security/selinux",
- NULL };
- int i, pid, status;
+ int pid, status;
- ver = getpolicyver();
- if (ver == NULL) {
- return -1;
- }
-
- fn = malloc(128);
- fn = memset(fn, 0, 128);
- for (i = 0; paths[i]; i++) {
- snprintf(fn, 128, "%s/policy.%s", (char *) paths[i], ver);
- if (!access(fn, R_OK)) {
- break;
- }
- }
+ logMessage(INFO, "Loading SELinux policy");
- bfn = malloc(128);
- bfn = memset(bfn, 0, 128);
- for (i = 0; paths[i]; i++) {
- snprintf(bfn, 128, "%s/booleans", (char *) bpaths[i]);
- if (!access(bfn, R_OK)) {
- break;
- }
- }
-
- if (access(fn, R_OK) || access(bfn, R_OK)) {
- logMessage(ERROR, "Unable to load suitable SELinux policy");
- return -1;
+ if (symlink("/mnt/runtime/etc/selinux", "/etc/selinux") == -1) {
+ logMessage(ERROR, "unable to create /etc/selinux symlink: %s",
+ strerror(errno));
+ return 1;
}
- logMessage(INFO, "Loading SELinux policy from %s", fn);
if (!(pid = fork())) {
setenv("LD_LIBRARY_PATH", LIBPATH, 1);
execl("/usr/sbin/load_policy",
- "/usr/sbin/load_policy", "-q", "-b", fn, bfn, NULL);
+ "/usr/sbin/load_policy", "-q", "-b", NULL);
logMessage(ERROR, "exec of load_policy failed: %s", strerror(errno));
exit(1);
}
waitpid(pid, &status, 0);
- free(fn);
if (WIFEXITED(status) && (WEXITSTATUS(status) != 0))
return 1;
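Review bot: The added `symlink("/mnt/runtime/etc/selinux", "/etc/selinux")` check treats every failure as fatal, so if `/etc/selinux` already exists (for instance on a second call to loadpolicy, or if the image ships that path) the function returns 1 and no policy is loaded. If an existing link is acceptable, the guard could read `if (symlink("/mnt/runtime/etc/selinux", "/etc/selinux") == -1 && errno != EEXIST) {`. The unchanged lines below it also leave failure paths open: `fork()` returning -1 is not tested before `waitpid(pid, &status, 0)`, and a load_policy killed by a signal fails the `WIFEXITED(status)` test and falls past the visible `return 1`, so the installer may continue without the policy loaded. A stricter tail would be `if (!WIFEXITED(status) || WEXITSTATUS(status) != 0) return 1;`. The end of loadpolicy lies outside the hunk.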
diff --git a/scripts/upd-instroot b/scripts/upd-instroot
index 09c2af638..240c3a774 100755
--- a/scripts/upd-instroot
+++ b/scripts/upd-instroot
@@ -959,6 +959,14 @@ ln -fs jmacs $DESTGR/usr/bin/emacs
ln -fs jpico $DESTGR/usr/bin/pico
ln -fs jpico $DESTGR/usr/bin/nano
+# create selinux config
+if [ -e $DEST/etc/selinux/targeted ]; then
+ cat > $DEST/etc/selinux/config <<EOF
+SELINUX=permissive
+SELINUXTYPE=targeted
+EOF
+cp $DEST/etc/selinux/config $DESTGR/etc/selinux/config
+
echo "Creating nsswitch.conf"
cat > $DEST/etc/nsswitch.conf <<EOF
# munged nsswitch.conf with just what anaconda needs
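Review bot: The added `if [ -e $DEST/etc/selinux/targeted ]; then` has no matching `fi` among the added lines, and the following context goes straight to `echo "Creating nsswitch.conf"`, so unless a stray `fi` exists further down, the script will either fail to parse or run the rest of its body only when the targeted policy directory exists. The unindented `cp` also reads as if it belongs inside the conditional, since outside it would copy a config that was never written; closing the block as `    cp $DEST/etc/selinux/config $DESTGR/etc/selinux/config` followed by `fi` fixes both. Because `SELINUX=permissive` means policy denials are logged but not blocked in the install environment, a comment such as `# installer runs permissive: denials are logged, not enforced` would record that this is deliberate.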