From: Jeremy Katz Date: Mon, 5 Jan 2009 18:16:39 +0000 (-0500) Subject: Basic support for loading SELinux from the initramfs X-Git-Tag: 0.1~491 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=654568b39e6ce714f4685c654e218ab7013a8d5f;p=thirdparty%2Fdracut.git Basic support for loading SELinux from the initramfs
---
diff --git a/dracut b/dracut
index 256507dd6..af4486878 100755
--- a/dracut
+++ b/dracut
@@ -66,7 +66,7 @@ fi
 initdir=$(mktemp -d -t initramfs.XXXXXX)
 # executables that we have to have
-exe="/bin/bash /bin/mount /bin/mknod /bin/mkdir /sbin/modprobe /sbin/udevd /sbin/udevadm /sbin/nash /bin/kill /sbin/pidof /bin/sleep /bin/echo"
+exe="/bin/bash /bin/mount /bin/mknod /bin/mkdir /sbin/modprobe /sbin/udevd /sbin/udevadm /sbin/nash /bin/kill /sbin/pidof /bin/sleep /bin/echo /usr/sbin/chroot"
 lvmexe="/sbin/lvm"
 cryptexe="/sbin/cryptsetup"
 # and some things that are nice for debugging
diff --git a/init b/init
index d9b6c6058..5b94e3d6d 100755
--- a/init
+++ b/init
@@ -91,12 +91,22 @@ mount --bind /dev $NEWROOT/dev
 mount -t proc /proc $NEWROOT/proc
 mount -t sysfs /sys $NEWROOT/sys
-# FIXME: load selinux policy
+# FIXME: load selinux policy. this should really be done after we switchroot
+if [ -x $NEWROOT/usr/sbin/load_policy ]; then
+ chroot $NEWROOT /usr/sbin/load_policy -i
+ if [ $? -eq 3 ]; then
+ echo "Initial SELinux policy load failed and enforcing mode requested."
+ echo "Not continuing"
+ sleep 100d
+ exit 1
+ fi
+fi
 # kill off udev
 kill `pidof udevd`
 [ -x /bin/plymouth ] && /bin/plymouth --newroot=$NEWROOT
+
 # FIXME: nash die die die
 exec /sbin/switch_root
 # davej doesn't like initrd bugs
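Review bot: In the init hunk only exit status 3 from `chroot $NEWROOT /usr/sbin/load_policy -i` stops the boot, so every other failure continues to switch_root with no policy loaded and no message. That covers chroot's own failure codes (coreutils reports 125–127 when it cannot enter the root or run the command), and the outer `-x $NEWROOT/usr/sbin/load_policy` test being false skips the load just as silently; whether enforcing mode was requested in those cases cannot be told from the lines shown. I would save the status with `rc=$?`, test `if [ $rc -eq 3 ]; then`, and add `elif [ $rc -ne 0 ]; then echo "SELinux policy load failed (status $rc)"` so the condition is at least visible on the console. `$NEWROOT` is also unquoted in both the test and the chroot call, which matches the surrounding mount lines but breaks if the path ever contains whitespace.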