From: Harald Hoyer <harald@redhat.com>
Date: Wed, 19 May 2010 08:01:33 +0000 (+0200)
Subject: selinux-loadpolicy.sh: exit for "selinux=0"
X-Git-Tag: 006~21
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=a2929f90ff24a65042b282601d3fe0d9e591eadc;p=thirdparty%2Fdracut.git

selinux-loadpolicy.sh: exit for "selinux=0"
---

diff --git a/modules.d/99base/selinux-loadpolicy.sh b/modules.d/99base/selinux-loadpolicy.sh
index 93d6f2cff..7db9f8cd8 100755
--- a/modules.d/99base/selinux-loadpolicy.sh
+++ b/modules.d/99base/selinux-loadpolicy.sh
@@ -3,20 +3,15 @@
 
 rd_load_policy()
 {
+    # If SELinux is disabled exit now 
+    getarg "selinux=0" > /dev/null && return 0
 
     SELINUX="enforcing"
     [ -e "$NEWROOT/etc/selinux/config" ] && . "$NEWROOT/etc/selinux/config"
 
-    disabled=0
-    # If SELinux is disabled exit now 
-    getarg "selinux=0" > /dev/null
-    if [ $? -eq 0 -o "$SELINUX" = "disabled" ]; then
-	disabled=1
-    fi
-
     # Check whether SELinux is in permissive mode
     permissive=0
-    getarg "enforcing=0" > /dev/null
+    getarg "enforcing=0" > /dev/null 
     if [ $? -eq 0 -o "$SELINUX" = "permissive" ]; then
 	permissive=1
     fi
@@ -37,13 +32,15 @@ rd_load_policy()
             fi
 	} 2>&1 | vinfo
 
-	if [ $disabled -eq 1 ]; then
+	if [ "$SELINUX" = "disabled" ]; then
 	    return 0;
 	fi
 
 	if [ $ret -eq 0 -o $ret -eq 2 ]; then
 	    # If machine requires a relabel, force to permissive mode
 	    [ -e "$NEWROOT"/.autorelabel ] && ( echo 0 > "$NEWROOT"/selinux/enforce )
+            mount --bind /dev "$NEWROOT/dev"
+            chroot "$NEWROOT" /sbin/restorecon -R /dev
 	    return 0
 	fi
 
@@ -55,7 +52,7 @@ rd_load_policy()
 	    exit 1
 	fi
 	return 0
-    elif [ $permissive -eq 0 -a $disabled -eq 0 ]; then
+    elif [ $permissive -eq 0 -a "$SELINUX" != "disabled" ]; then
 	warn "Machine in enforcing mode and cannot execute load_policy."
 	warn "To disable selinux, add selinux=0 to the kernel command line."
 	warn "Not continuing"