[Pkg-sysvinit-commits] r1890 - in sysvinit/trunk/debian: . patches

Petter Reinholdtsen pere at alioth.debian.org
Wed May 12 18:56:53 UTC 2010 

Author: pere
Date: 2010-05-12 18:56:52 +0000 (Wed, 12 May 2010)
New Revision: 1890

Added:
   sysvinit/trunk/debian/patches/64_init_selinux_enabled.patch
Modified:
   sysvinit/trunk/debian/changelog
   sysvinit/trunk/debian/patches/series
Log:
Add 64_init_selinux_enabled.patch to try to fix the logic used to
enable SELinux (Closes: #580272).

Modified: sysvinit/trunk/debian/changelog
===================================================================
--- sysvinit/trunk/debian/changelog	2010-05-12 11:09:53 UTC (rev 1889)
+++ sysvinit/trunk/debian/changelog	2010-05-12 18:56:52 UTC (rev 1890)
@@ -6,6 +6,8 @@
   * Switch to concurrent booting by default, when dependency based
     boot sqeuencing is enabled.  Make shell and startpar concurrency
     aliases for makefile style concurrency, as both are obsolete now.
+  * Add 64_init_selinux_enabled.patch to try to fix the logic used to
+    enable SELinux (Closes: #580272).
 
  -- Petter Reinholdtsen <pere at debian.org>  Wed, 28 Apr 2010 19:37:54 +0200
 

Added: sysvinit/trunk/debian/patches/64_init_selinux_enabled.patch
===================================================================
--- sysvinit/trunk/debian/patches/64_init_selinux_enabled.patch	                        (rev 0)
+++ sysvinit/trunk/debian/patches/64_init_selinux_enabled.patch	2010-05-12 18:56:52 UTC (rev 1890)
@@ -0,0 +1,40 @@
+Purpose: Try to fix the logic used to enable SELinux
+Authour: Petter Reinholdtsen
+Fixes:   #580272
+Status:  Not sent upstream yet
+
+--- sysvinit-2.88dsf.orig/src/init.c	(revision 1888)
++++ sysvinit-2.88dsf/src/init.c	(working copy)
+@@ -54,10 +54,6 @@
+ 
+ #ifdef WITH_SELINUX
+ #  include <selinux/selinux.h>
+-#  include <sys/mount.h>
+-#  ifndef MNT_DETACH /* present in glibc 2.10, missing in 2.7 */
+-#    define MNT_DETACH 2
+-#  endif
+ #endif
+ 
+ #ifdef __i386__
+@@ -2869,11 +2865,9 @@
+ 
+ #ifdef WITH_SELINUX
+ 	if (getenv("SELINUX_INIT") == NULL) {
+-	  const int rc = mount("proc", "/proc", "proc", 0, 0);
+-	  if (is_selinux_enabled() > 0) {
+-	    putenv("SELINUX_INIT=YES");
+-	    if (rc == 0) umount2("/proc", MNT_DETACH);
++	  if (is_selinux_enabled() != 1) {
+ 	    if (selinux_init_load_policy(&enforce) == 0) {
++	      putenv("SELINUX_INIT=YES");
+ 	      execv(myname, argv);
+ 	    } else {
+ 	      if (enforce > 0) {
+@@ -2884,7 +2878,6 @@
+ 	      }
+ 	    }
+ 	  }
+-	  if (rc == 0) umount2("/proc", MNT_DETACH);
+ 	}
+ #endif  
+ 	/* Start booting. */

Modified: sysvinit/trunk/debian/patches/series
===================================================================
--- sysvinit/trunk/debian/patches/series	2010-05-12 11:09:53 UTC (rev 1889)
+++ sysvinit/trunk/debian/patches/series	2010-05-12 18:56:52 UTC (rev 1890)
@@ -2,4 +2,5 @@
 20_init_freebsd_vswtc.patch
 30_killall5_hurd.patch
 63_init_keep_utf8_ttyflag.patch
+64_init_selinux_enabled.patch
 91_sulogin_lockedpw.dpatch

More information about the Pkg-sysvinit-commits mailing list