SVN: rc-scripts/trunk: rc.d/rc.sysinit sysconfig/system

glen glen at pld-linux.org
Fri May 31 00:48:05 CEST 2013


Author: glen
Date: Fri May 31 00:48:05 2013
New Revision: 12682

Modified:
   rc-scripts/trunk/rc.d/rc.sysinit
   rc-scripts/trunk/sysconfig/system
Log:
move $SELINUX variable setup to function


Modified: rc-scripts/trunk/rc.d/rc.sysinit
==============================================================================
--- rc-scripts/trunk/rc.d/rc.sysinit	(original)
+++ rc-scripts/trunk/rc.d/rc.sysinit	Fri May 31 00:48:05 2013
@@ -72,6 +72,10 @@
 			# default is set in /etc/sysconfig/system
 			DM_MULTIPATH=no
 		;;
+		noselinux)
+			# default is set in /etc/sysconfig/system
+			SELINUX=no
+		;;
 		nousb)
 			nousb=1
 		;;
@@ -97,6 +101,35 @@
 	done
 }
 
+# setup SELINUX variable
+init_selinux() {
+	# user knows!
+	if is_no "$SELINUX"; then
+		return
+	fi
+
+	if ! grep -q selinuxfs /proc/filesystems; then
+		# no support in kernel, no chance
+		SELINUX=no
+	fi
+
+	if ! is_fsmounted selinuxfs /selinux; then
+		mount -n -o gid=17 -t selinuxfs selinuxfs /selinux
+	fi
+
+	# Check SELinux status
+	local selinuxfs=$(awk '/ selinuxfs / { print $2 }' /proc/mounts 2> /dev/null)
+	SELINUX=
+	if [ -n "$selinuxfs" ] && [ "$(cat /proc/self/attr/current)" != "kernel" ]; then
+		if [ -r $selinuxfs/enforce ] ; then
+			SELINUX=$(cat $selinuxfs/enforce)
+		else
+			# assume enforcing if you can't read it
+			SELINUX=1
+		fi
+	fi
+}
+
 disable_selinux() {
 	local _d selinuxfs _t _r
 
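Review bot: The `SELINUX=no` branch for a kernel without selinuxfs in init_selinux has no `return`, so execution falls through to the `mount -n -o gid=17 -t selinuxfs` call and then to `SELINUX=`, which discards the `no` just assigned. The removed code only reached that mount when the grep on /proc/filesystems succeeded. Adding `return` right after `SELINUX=no` keeps the value and avoids a mount attempt that cannot succeed. The header comment could also state what the function leaves behind, for example `# sets SELINUX to: no (disabled), empty (not active), or 0/1 read from $selinuxfs/enforce`.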
@@ -341,10 +374,7 @@
 		fi
 	fi
 
-	# selinux
-	if grep -q selinuxfs /proc/filesystems 2>/dev/null && ! is_fsmounted selinuxfs /selinux; then
-		mount -n -o gid=17 -t selinuxfs selinuxfs /selinux
-	fi
+	init_selinux
 
 	# PLD Linux LiveCD support
 	if [ -x /etc/rc.d/rc.live ]; then
@@ -364,18 +394,6 @@
 	# Disable splash when requested
 	is_no "$BOOT_SPLASH" && [ -e /proc/splash ] && echo "0" > /proc/splash
 
-	# Check SELinux status
-	selinuxfs=$(awk '/ selinuxfs / { print $2 }' /proc/mounts 2> /dev/null)
-	SELINUX=
-	if [ -n "$selinuxfs" ] && [ "$(cat /proc/self/attr/current)" != "kernel" ]; then
-		if [ -r $selinuxfs/enforce ] ; then
-			SELINUX=$(cat $selinuxfs/enforce)
-		else
-			# assume enforcing if you can't read it
-			SELINUX=1
-		fi
-	fi
-
 	if [ -x /sbin/restorecon ] && is_fsmounted tmpfs /dev; then
 		/sbin/restorecon -R /dev 2>/dev/null
 	fi
@@ -562,7 +580,7 @@
 	fi
 
 	# Clean up SELinux labels
-	if [ -n "$SELINUX" ]; then
+	if is_yes "$SELINUX"; then
 		for file in /etc/mtab /etc/cryptomtab /etc/ld.so.cache; do
 			[ -r $file ] && restorecon $file >/dev/null 2>&1
 		done
@@ -921,8 +939,7 @@
 	clean_vserver_mtab
 fi
 
-
-[ -n "$SELINUX" ] && [ -f /.autorelabel ] && relabel_selinux
+is_yes "$SELINUX" && [ -f /.autorelabel ] && relabel_selinux
 
 # Clean up /.
 rm -f /fastboot /fsckoptions /forcefsck /halt /poweroff >/dev/null 2>&1
@@ -973,7 +990,7 @@
 # System protected dirs
 mkdir -m 1777 -p /tmp/.ICE-unix > /dev/null 2>&1
 chown root:root /tmp/.ICE-unix
-[ -n "$SELINUX" ] && restorecon /tmp/.ICE-unix >/dev/null 2>&1
+is_yes "$SELINUX" && restorecon /tmp/.ICE-unix >/dev/null 2>&1
 
 if ! is_yes "$VSERVER"; then
 	run_cmd "Enabling swap space" true

Modified: rc-scripts/trunk/sysconfig/system
==============================================================================
--- rc-scripts/trunk/sysconfig/system	(original)
+++ rc-scripts/trunk/sysconfig/system	Fri May 31 00:48:05 2013
@@ -125,6 +125,10 @@
 # Vserver isolation only networking inside of guest (yes/no/detect)
 VSERVER_ISOLATION_NET=detect
 
+# Enable selinux support (yes/no/detect)
+# 'yes' behaves as 'detect'
+SELINUX=detect
+
 # Enable syslogging for rc-scripts
 RC_LOGGING=yes
 
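Review bot: The new comment for `SELINUX=detect` does not say what `no` does, nor that rc.sysinit rewrites the variable at boot. Going by the rc.sysinit part of this commit, `no` makes init_selinux return before mounting selinuxfs (the `noselinux` kernel option assigns the same value), and any other setting is replaced by the detected state. Suggested wording: `# 'no' skips SELinux setup (same as the noselinux kernel option); 'yes' behaves as 'detect'`.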

