[yocto] [meta-selinux] Check for the availability of 'secon' and 'setenforce' in the selinux-init.sh script.

Philip Tricca flihp at twobit.us
Thu Sep 26 13:49:39 PDT 2013


This is for consistency and to aid in debugging.

Signed-off-by: Philip Tricca <flihp at twobit.us>
---
 recipes-security/selinux/selinux-config/selinux-init.sh |    8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/recipes-security/selinux/selinux-config/selinux-init.sh b/recipes-security/selinux/selinux-config/selinux-init.sh
index 1cdc3dd..8f3efac 100644
--- a/recipes-security/selinux/selinux-config/selinux-init.sh
+++ b/recipes-security/selinux/selinux-config/selinux-init.sh
@@ -6,8 +6,10 @@ CHCON=/usr/bin/chcon
 MATCHPATHCON=/usr/sbin/matchpathcon
 FIXFILES=/sbin/fixfiles
 RESTORECON=/sbin/restorecon
+SECON=/usr/bin/secon
+SETENFORCE=/usr/sbin/setenforce
 
-for i in ${CHCON} ${MATCHPATHCON} ${FIXFILES} ${RESTORECON} ; do
+for i in ${CHCON} ${MATCHPATHCON} ${FIXFILES} ${RESTORECON} ${SECON} ${SETENFORCE}; do
 	test -x $i && continue
 	echo "$i is missing in the system."
 	echo "Please add \"selinux=0\" in the kernel command line to disable SELinux."
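Review bot: Adding `${SETENFORCE}` to the `for` list makes a missing setenforce take the "is missing in the system" path on every boot, although its only use visible in this patch is the first-boot relabel branch. `${SECON}`, by contrast, is needed on each boot for the `kernel_t` test. The loop body continues past the two echo lines outside this hunk, so whether a missing tool stops the script or only warns cannot be judged from here. If the stricter check is intended, a comment above the new assignments would record it, e.g. `# secon: used on every boot; setenforce: only for the first-boot relabel`.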
@@ -51,12 +53,12 @@ fi
 
 # If first booting, the security context type of init would be
 # "kernel_t", and the whole file system should be relabeled.
-if [ "`/usr/bin/secon -t --pid 1`" = "kernel_t" ]; then
+if [ "`${SECON} -t --pid 1`" = "kernel_t" ]; then
 	echo "Checking SELinux security contexts:"
 	check_rootfs
 	echo " * First booting, filesystem will be relabeled..."
 	test -x /etc/init.d/auditd && /etc/init.d/auditd start
-	/usr/sbin/setenforce 0
+	${SETENFORCE} 0
 	${RESTORECON} -R /
 	${RESTORECON} /
 	echo " * Relabel done, rebooting the system."
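Review bot: On the new `if` line a runtime failure of `${SECON}` yields an empty string, which compares unequal to `kernel_t`, so the first-boot relabel would be skipped without any message. The `test -x` loop in the first hunk only proves the binary is executable, not that it succeeds. Since the commit aims to aid debugging, capturing the result first would make this visible: `init_type=$(${SECON} -t --pid 1) || echo "secon failed, cannot determine init context"` followed by `if [ "$init_type" = "kernel_t" ]; then`. The exit status of `${SETENFORCE} 0` is likewise unchecked before the relabel starts. The `if` block continues outside this hunk.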
-- 
1.7.10.4



