selinux-loadpolicy.sh: mount /proc and /selinux before loading the

policies

also check for /sbin/load_policy

diff --git a/modules.d/99base/selinux-loadpolicy.sh b/modules.d/99base/selinux-loadpolicy.sh
index 13e013426ecf109eebaa59f0f01fb11b0ce90cf1..0dd296b072bf28293463f70eb43f1502a228fd2f 100755 (executable)
--- a/modules.d/99base/selinux-loadpolicy.sh
+++ b/modules.d/99base/selinux-loadpolicy.sh
@@ -1,13 +1,24 @@
 #!/bin/sh
 # FIXME: load selinux policy.  this should really be done after we switchroot 
-if [ -x "$NEWROOT/usr/sbin/load_policy" ] && [ -e "$NEWROOT/etc/sysconfig/selinux" ]; then
+
+if [ -x "$NEWROOT/usr/sbin/load_policy" -o -x "$NEWROOT/sbin/load_policy" ] && [ -e "$NEWROOT/etc/sysconfig/selinux" ]; then
+    info "Loading SELinux policy"
     {
-    chroot $NEWROOT /usr/sbin/load_policy -i 2>&1 
+    chroot "$NEWROOT" /bin/mount -t selinuxfs selinuxfs /selinux
+    chroot "$NEWROOT" /bin/mount -t proc proc  /proc
+
+    if [ -x "$NEWROOT/sbin/load_policy" ]; then
+        chroot "$NEWROOT" /sbin/load_policy -i 2>&1
+    else
+        chroot "$NEWROOT" /usr/sbin/load_policy -i 2>&1
+    fi
+
     if [ $? -eq 3 ]; then
        warn "Initial SELinux policy load failed and enforcing mode requested."
        warn "Not continuing"
        sleep 100d
        exit 1
     fi
+    chroot "$NEWROOT" /bin/umount /proc
     } | vinfo
 fi