More from Jan Kiszka: this is a port of the latest sysv-init SELinux patch.

It makes busybox invoke the libselinux library function to load the binary policy right at system start-up. It was successfully tested on a mini-SELinux system. Note: requires recent libselinux. I'm using 1.28.
author: Rob Landley <rob@landley.net> 2006-03-27 23:09:12 +0000
committer: Rob Landley <rob@landley.net> 2006-03-27 23:09:12 +0000
commit: b3ede5abe2de41760a806ad7b5a8e40018abc2f4 (patch)
tree: 8ede2bdcfc640009b3b2bba627fb5edfc87a8242 /init
parent: d1f8c1c1258d400610e2fa136fb15cc8dfb4ffe6 (diff)
download: busybox-w32-b3ede5abe2de41760a806ad7b5a8e40018abc2f4.tar.gz
busybox-w32-b3ede5abe2de41760a806ad7b5a8e40018abc2f4.tar.bz2
busybox-w32-b3ede5abe2de41760a806ad7b5a8e40018abc2f4.zip
1 files changed, 21 insertions, 0 deletions
diff --git a/init/init.c b/init/init.c
index 704cfccda..575ab9775 100644
--- a/init/init.c
+++ b/init/init.c
@@ -39,6 +39,11 @@
 #endif
+#ifdef CONFIG_SELINUX
+# include <selinux/selinux.h>
+#endif /* CONFIG_SELINUX */
 #define INIT_BUFFS_SIZE 256
 /* From <linux/vt.h> */
@@ -1097,6 +1102,22 @@ int init_main(int argc, char **argv)
                parse_inittab();
        }
+#ifdef CONFIG_SELINUX
+        if (getenv("SELINUX_INIT") == NULL) {
+                int enforce = 0;
+                putenv("SELINUX_INIT=YES");
+                if (selinux_init_load_policy(&enforce) == 0) {
+                        execv(argv[0], argv);
+                } else if (enforce > 0) {
+                        /* SELinux in enforcing mode but load_policy failed */
+                        /* At this point, we probably can't open /dev/console, so log() won't work */
+                        message(CONSOLE,"Unable to load SELinux Policy. Machine is in enforcing mode. Halting now.");
+                        exit(1);
+                }
+        }
+#endif /* CONFIG_SELINUX */
        /* Make the command line just say "init"  -- thats all, nothing else */
        fixup_argv(argc, argv, "init");
author	Rob Landley <rob@landley.net>	2006-03-27 23:09:12 +0000
committer	Rob Landley <rob@landley.net>	2006-03-27 23:09:12 +0000
commit	b3ede5abe2de41760a806ad7b5a8e40018abc2f4 (patch)
tree	8ede2bdcfc640009b3b2bba627fb5edfc87a8242 /init
parent	d1f8c1c1258d400610e2fa136fb15cc8dfb4ffe6 (diff)
download	busybox-w32-b3ede5abe2de41760a806ad7b5a8e40018abc2f4.tar.gz busybox-w32-b3ede5abe2de41760a806ad7b5a8e40018abc2f4.tar.bz2 busybox-w32-b3ede5abe2de41760a806ad7b5a8e40018abc2f4.zip

diff --git a/init/init.c b/init/init.c index 704cfccda..575ab9775 100644 --- a/init/init.c +++ b/init/init.c
@@ -39,6 +39,11 @@
39	#endif	39	#endif
40		40
41		41
		42	#ifdef CONFIG_SELINUX
		43	# include <selinux/selinux.h>
		44	#endif /* CONFIG_SELINUX */
		45
		46
42	#define INIT_BUFFS_SIZE 256	47	#define INIT_BUFFS_SIZE 256
43		48
44	/* From <linux/vt.h> */	49	/* From <linux/vt.h> */
@@ -1097,6 +1102,22 @@ int init_main(int argc, char **argv)
1097	parse_inittab();	1102	parse_inittab();
1098	}	1103	}
1099		1104
		1105	#ifdef CONFIG_SELINUX
		1106	if (getenv("SELINUX_INIT") == NULL) {
		1107	int enforce = 0;
		1108
		1109	putenv("SELINUX_INIT=YES");
		1110	if (selinux_init_load_policy(&enforce) == 0) {
		1111	execv(argv[0], argv);
		1112	} else if (enforce > 0) {
		1113	/* SELinux in enforcing mode but load_policy failed */
		1114	/* At this point, we probably can't open /dev/console, so log() won't work */
		1115	message(CONSOLE,"Unable to load SELinux Policy. Machine is in enforcing mode. Halting now.");
		1116	exit(1);
		1117	}
		1118	}
		1119	#endif /* CONFIG_SELINUX */
		1120
1100	/* Make the command line just say "init" -- thats all, nothing else */	1121	/* Make the command line just say "init" -- thats all, nothing else */
1101	fixup_argv(argc, argv, "init");	1122	fixup_argv(argc, argv, "init");
1102		1123