rd_load_policy()
{
+ # If SELinux is disabled exit now
+ getarg "selinux=0" > /dev/null && return 0
SELINUX="enforcing"
[ -e "$NEWROOT/etc/selinux/config" ] && . "$NEWROOT/etc/selinux/config"
- disabled=0
- # If SELinux is disabled exit now
- getarg "selinux=0" > /dev/null
- if [ $? -eq 0 -o "$SELINUX" = "disabled" ]; then
- disabled=1
- fi
-
# Check whether SELinux is in permissive mode
permissive=0
- getarg "enforcing=0" > /dev/null
+ getarg "enforcing=0" > /dev/null
if [ $? -eq 0 -o "$SELINUX" = "permissive" ]; then
permissive=1
fi
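Review bot: The comment on the added early return, `# If SELinux is disabled exit now`, no longer matches what the line does: only `selinux=0` on the kernel command line returns here, while `SELINUX=disabled` read from `$NEWROOT/etc/selinux/config` now falls through and is tested later by the `[ "$SELINUX" = "disabled" ]` check. I would reword it to `# selinux=0 on the kernel command line: skip policy handling entirely`. A second comment next to the config sourcing should say that a config-file `disabled` is deliberately handled further down, so the next maintainer does not "fix" the asymmetry. What runs between the two checks is not visible here, and the function body continues outside the hunk.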
fi
} 2>&1 | vinfo
- if [ $disabled -eq 1 ]; then
+ if [ "$SELINUX" = "disabled" ]; then
return 0;
fi
if [ $ret -eq 0 -o $ret -eq 2 ]; then
# If machine requires a relabel, force to permissive mode
[ -e "$NEWROOT"/.autorelabel ] && ( echo 0 > "$NEWROOT"/selinux/enforce )
+ mount --bind /dev "$NEWROOT/dev"
+ chroot "$NEWROOT" /sbin/restorecon -R /dev
return 0
fi
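Review bot: The added `mount --bind /dev "$NEWROOT/dev"` is unchecked, so when it fails `restorecon -R /dev` runs against whatever `/dev` directory the new root already contains and the live device nodes presumably keep their initramfs labels. The restorecon status is also discarded before `return 0`, so a boot that continues in enforcing mode gives no hint that relabelling did not happen. I would make both failures visible with `if mount --bind /dev "$NEWROOT/dev"; then`, `chroot "$NEWROOT" /sbin/restorecon -R /dev || warn "relabel of /dev failed"`, `else warn "cannot bind /dev into $NEWROOT"; fi`. No matching umount appears in the visible lines, so a comment should say which later step owns the bind mount. The enclosing `if` chain starts outside the hunk.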
exit 1
fi
return 0
- elif [ $permissive -eq 0 -a $disabled -eq 0 ]; then
+ elif [ $permissive -eq 0 -a "$SELINUX" != "disabled" ]; then
warn "Machine in enforcing mode and cannot execute load_policy."
warn "To disable selinux, add selinux=0 to the kernel command line."
warn "Not continuing"