#!/bin/sh
# FIXME: load selinux policy. this should really be done after we switchroot
-if [ -x "$NEWROOT/usr/sbin/load_policy" -o -x "$NEWROOT/sbin/load_policy" ]; then
- ret=0
- info "Loading SELinux policy"
- {
- # load_policy does mount /proc and /selinux in libselinux,selinux_init_load_policy()
- if [ -x "$NEWROOT/sbin/load_policy" ]; then
- chroot "$NEWROOT" /sbin/load_policy -i
- ret=$?
- else
- chroot "$NEWROOT" /usr/sbin/load_policy -i
- ret=$?
- fi
- } 2>&1 | vinfo
-
- if [ $ret -eq 3 ]; then
- warn "Initial SELinux policy load failed and enforcing mode requested."
+rd_load_policy()
+{
+
+ SELINUX="enforcing"
+ [ -e "$NEWROOT/etc/selinux/config" ] && . "$NEWROOT/etc/selinux/config"
+
+ # If SELinux is disabled exit now
+ getarg "selinux=0" > /dev/null
+ if [ $? -eq 0 -o "$SELINUX" = "disabled" ]; then
+ return 0
+ fi
+
+ # Check whether SELinux is in permissive mode
+ permissive=0
+ getarg "enforcing=0" > /dev/null
+ if [ $? -eq 0 -o "$SELINUX" = "permissive" ]; then
+ permissive=1
+ fi
+
+ # Attempt to load SELinux Policy
+ if [ -x "$NEWROOT/usr/sbin/load_policy" -o -x "$NEWROOT/sbin/load_policy" ]; then
+ ret=0
+ info "Loading SELinux policy"
+ {
+ # load_policy does mount /proc and /selinux in
+ # libselinux,selinux_init_load_policy()
+ if [ -x "$NEWROOT/sbin/load_policy" ]; then
+ chroot "$NEWROOT" /sbin/load_policy -i
+ ret=$?
+ else
+ chroot "$NEWROOT" /usr/sbin/load_policy -i
+ ret=$?
+ fi
+ } 2>&1 | vinfo
+
+ if [ $ret -eq 0 -o $ret -eq 2 ]; then
+ return 0
+ fi
+
+ warn "Initial SELinux policy load failed."
+ if [ $ret -eq 3 -o $permissive -eq 0 ]; then
+ warn "Machine in enforcing mode."
+ warn "Not continuing"
+ sleep 100d
+ exit 1
+ fi
+ return 0
+ elif [ $permissive -eq 0 ]; then
+ warn "Machine in enforcing mode and cannot execute load_policy."
+ warn "To disable selinux, add selinux=0 to the kernel command line."
warn "Not continuing"
sleep 100d
exit 1
fi
-fi
+}
+
+rd_load_policy
test_run() {
$testdir/run-qemu -hda root.ext2 -m 256M -nographic \
-net none -kernel /boot/vmlinuz-$KVERSION \
- -append "root=/dev/dracut/root rw quiet console=ttyS0,115200n81 rdshell $DEBUGFAIL" \
+ -append "root=/dev/dracut/root rw quiet console=ttyS0,115200n81 selinux=0 rdshell $DEBUGFAIL" \
-initrd initramfs.testing
grep -m 1 -q dracut-root-block-success root.ext2 || return 1
}
# Invoke KVM and/or QEMU to actually create the target filesystem.
$testdir/run-qemu -hda root.ext2 -m 256M -nographic -net none \
-kernel "/boot/vmlinuz-$kernel" \
- -append "root=/dev/dracut/root rw rootfstype=ext2 quiet console=ttyS0,115200n81" \
+ -append "root=/dev/dracut/root rw rootfstype=ext2 quiet console=ttyS0,115200n81 selinux=0" \
-initrd initramfs.makeroot || return 1
grep -m 1 -q dracut-root-block-created root.ext2 || return 1
(
test_run() {
$testdir/run-qemu -hda root.ext2 -m 256M -nographic \
-net none -kernel /boot/vmlinuz-$KVERSION \
- -append "root=/dev/dracut/root rw quiet rdinfo console=ttyS0,115200n81 rdshell $DEBUGFAIL" \
+ -append "root=/dev/dracut/root rw quiet rdinfo console=ttyS0,115200n81 selinux=0 rdshell $DEBUGFAIL" \
-initrd initramfs.testing
grep -m 1 -q dracut-root-block-success root.ext2 || return 1
}
# Invoke KVM and/or QEMU to actually create the target filesystem.
$testdir/run-qemu -hda root.ext2 -m 256M -nographic -net none \
-kernel "/boot/vmlinuz-$kernel" \
- -append "root=/dev/dracut/root rw rootfstype=ext2 quiet console=ttyS0,115200n81" \
+ -append "root=/dev/dracut/root rw rootfstype=ext2 quiet console=ttyS0,115200n81 selinux=0" \
-initrd initramfs.makeroot || return 1
grep -m 1 -q dracut-root-block-created root.ext2 || return 1
(
echo "CLIENT TEST START: $@"
$testdir/run-qemu -hda root.ext2 -m 256M -nographic \
-net none -kernel /boot/vmlinuz-$KVERSION \
- -append "$@ root=LABEL=root rw quiet rdinfo console=ttyS0,115200n81 rdshell $DEBUGFAIL " \
+ -append "$@ root=LABEL=root rw quiet rdinfo console=ttyS0,115200n81 selinux=0 rdshell $DEBUGFAIL " \
-initrd initramfs.testing
if ! grep -m 1 -q dracut-root-block-success root.ext2; then
echo "CLIENT TEST END: $@ [FAIL]"
# Invoke KVM and/or QEMU to actually create the target filesystem.
$testdir/run-qemu -hda root.ext2 -m 256M -nographic -net none \
-kernel "/boot/vmlinuz-$kernel" \
- -append "root=/dev/dracut/root rw rootfstype=ext2 quiet console=ttyS0,115200n81" \
+ -append "root=/dev/dracut/root rw rootfstype=ext2 quiet console=ttyS0,115200n81 selinux=0" \
-initrd initramfs.makeroot || return 1
grep -m 1 -q dracut-root-block-created root.ext2 || return 1
eval $(grep --binary-files=text -m 1 MD_UUID root.ext2)
test_run() {
$testdir/run-qemu -hda root.ext2 -m 256M -nographic \
-net none -kernel /boot/vmlinuz-$KVERSION \
- -append "root=/dev/dracut/root rw quiet rdinfo console=ttyS0,115200n81 rdshell $DEBUGFAIL" \
+ -append "root=/dev/dracut/root rw quiet rdinfo console=ttyS0,115200n81 selinux=0 rdshell $DEBUGFAIL" \
-initrd initramfs.testing
grep -m 1 -q dracut-root-block-success root.ext2 || return 1
}
# Invoke KVM and/or QEMU to actually create the target filesystem.
$testdir/run-qemu -hda root.ext2 -m 256M -nographic -net none \
-kernel "/boot/vmlinuz-$kernel" \
- -append "root=/dev/dracut/root rw rootfstype=ext2 quiet console=ttyS0,115200n81" \
+ -append "root=/dev/dracut/root rw rootfstype=ext2 quiet console=ttyS0,115200n81 selinux=0" \
-initrd initramfs.makeroot || return 1
grep -m 1 -q dracut-root-block-created root.ext2 || return 1
(
echo "CLIENT TEST START: $@"
$testdir/run-qemu -hda root.ext2 -hdb disk1 -hdc disk2 -m 256M -nographic \
-net none -kernel /boot/vmlinuz-$KVERSION \
- -append "$@ root=LABEL=root rw quiet rdinfo console=ttyS0,115200n81 rdshell $DEBUGFAIL" \
+ -append "$@ root=LABEL=root rw quiet rdinfo console=ttyS0,115200n81 selinux=0 rdshell $DEBUGFAIL" \
-initrd initramfs.testing
if ! grep -m 1 -q dracut-root-block-success root.ext2; then
echo "CLIENT TEST END: $@ [FAIL]"
# Invoke KVM and/or QEMU to actually create the target filesystem.
$testdir/run-qemu -hda root.ext2 -hdb disk1 -hdc disk2 -m 256M -nographic -net none \
-kernel "/boot/vmlinuz-$kernel" \
- -append "root=/dev/dracut/root rw rootfstype=ext2 quiet console=ttyS0,115200n81" \
+ -append "root=/dev/dracut/root rw rootfstype=ext2 quiet console=ttyS0,115200n81 selinux=0" \
-initrd initramfs.makeroot || return 1
grep -m 1 -q dracut-root-block-created root.ext2 || return 1
(
-net socket,mcast=230.0.0.1:1234 \
-serial udp:127.0.0.1:9999 \
-kernel /boot/vmlinuz-$KVERSION \
- -append "root=/dev/sda rw quiet console=ttyS0,115200n81" \
+ -append "root=/dev/sda rw quiet console=ttyS0,115200n81 selinux=0" \
-initrd initramfs.server -pidfile server.pid -daemonize || return 1
sudo chmod 644 server.pid || return 1
-net nic,macaddr=$mac,model=e1000 \
-net socket,mcast=230.0.0.1:1234 \
-kernel /boot/vmlinuz-$KVERSION \
- -append "$cmdline $DEBUGFAIL rdshell ro quiet console=ttyS0,115200n81" \
+ -append "$cmdline $DEBUGFAIL rdshell ro quiet console=ttyS0,115200n81 selinux=0" \
-initrd initramfs.testing
if [[ $? -ne 0 ]] || ! grep -m 1 -q nfs-OK client.img; then
-net socket,mcast=230.0.0.1:1235 \
-serial udp:127.0.0.1:9999 \
-kernel /boot/vmlinuz-$KVERSION \
- -append "root=/dev/sda rw quiet console=ttyS0,115200n81" \
+ -append "root=/dev/sda rw quiet console=ttyS0,115200n81 selinux=0" \
-initrd initramfs.server -pidfile server.pid -daemonize || return 1
sudo chmod 644 server.pid || return 1
-net nic,macaddr=52:54:00:12:34:00,model=e1000 \
-net socket,mcast=230.0.0.1:1235 \
-kernel /boot/vmlinuz-$KVERSION \
- -append "root=dhcp rw quiet console=ttyS0,115200n81 rdshell $DEBUGFAIL" \
+ -append "root=dhcp rw quiet console=ttyS0,115200n81 selinux=0 rdshell $DEBUGFAIL" \
-initrd initramfs.testing
grep -m 1 -q iscsi-OK client.img || return 1
}
# Invoke KVM and/or QEMU to actually create the target filesystem.
$testdir/run-qemu -hda root.ext2 -hdb client.img -m 256M -nographic -net none \
-kernel "/boot/vmlinuz-$kernel" \
- -append "root=/dev/dracut/root rw rootfstype=ext2 quiet console=ttyS0,115200n81" \
+ -append "root=/dev/dracut/root rw rootfstype=ext2 quiet console=ttyS0,115200n81 selinux=0" \
-initrd initramfs.makeroot || return 1
grep -m 1 -q dracut-root-block-created client.img || return 1
rm client.img
-net socket,mcast=230.0.0.1:1236 \
-serial udp:127.0.0.1:9999 \
-kernel /boot/vmlinuz-$KVERSION \
- -append "root=/dev/sda rw quiet console=ttyS0,115200n81" \
+ -append "root=/dev/sda rw quiet console=ttyS0,115200n81 selinux=0" \
-initrd initramfs.server -pidfile server.pid -daemonize || return 1
sudo chmod 644 server.pid || return 1
-net nic,macaddr=$mac,model=e1000 \
-net socket,mcast=230.0.0.1:1236 \
-kernel /boot/vmlinuz-$KVERSION \
- -append "$cmdline $DEBUGFAIL rdshell ro quiet console=ttyS0,115200n81" \
+ -append "$cmdline $DEBUGFAIL rdshell ro quiet console=ttyS0,115200n81 selinux=0" \
-initrd initramfs.testing
if [[ $? -ne 0 ]] || ! grep -m 1 -q nbd-OK flag.img; then
$testdir/run-qemu -hda flag.img -hdb encrypted.ext2 -m 256M \
-nographic -net none \
-kernel "/boot/vmlinuz-$kernel" \
- -append "root=/dev/dracut/root rw quiet console=ttyS0,115200n81" \
+ -append "root=/dev/dracut/root rw quiet console=ttyS0,115200n81 selinux=0" \
-initrd initramfs.makeroot || return 1
grep -m 1 -q dracut-root-block-created flag.img || return 1
}
projects / thirdparty / dracut.git / commitdiff
