Package: libselinux1
Version: 2.0.15-2
Severity: wishlist
Tags: patch

When selinux_init_load_policy calls mount() it "knows" when selinux is not
wanted due to being disabled or having no kernel device handle and sets
*enforce to 0, but still allows the following fprintf to display a rather
misleading error message.

        if (mount("none", SELINUXMNT, "selinuxfs", 0, 0) < 0) {
                if (errno == ENODEV) {
                        /*
                         * SELinux was disabled in the kernel, either
                         * omitted entirely or disabled at boot via selinux=0.
                         * This takes precedence over any config or
                         * commandline enforcing setting.
                         */
                        *enforce = 0;
                }
                fprintf(stderr, "Mount failed for selinuxfs on %s:  %s\n",
                        SELINUXMNT, strerror(errno));
                goto noload;
        }

The error when selinux is unwanted can be one of two:
1. the /selinux directory does not exist
2. there "is no such device" when /selinux mountpoint does exist

Please avoid the misleading error message on systems where selinux=0
(or kernel has no selinux support at all).

Thanks, Kel.

diff -Nrup libselinux-2.0.15/src/load_policy.c 
libselinux-2.0.15.quiet/src/load_policy.c
--- libselinux-2.0.15/src/load_policy.c 2007-04-28 02:37:51.000000000 +1000
+++ libselinux-2.0.15.quiet/src/load_policy.c   2007-05-15 19:36:40.000000000 
+1000
@@ -225,6 +225,7 @@ int selinux_init_load_policy(int *enforc
                         * commandline enforcing setting.
                         */
                        *enforce = 0;
+                       goto noload;
                }
                fprintf(stderr, "Mount failed for selinuxfs on %s:  %s\n", 
SELINUXMNT, strerror(errno));
                goto noload;
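
Review bot: the added `goto noload;` sits in the branch that the code quoted in the report shows as `errno == ENODEV`, so only the second of the two cases listed above is silenced. When the /selinux directory does not exist, mount() fails with ENOENT rather than ENODEV, and that path still reaches the `fprintf`. If that is intentional (a missing mount point on a kernel that does have SELinux enabled is worth reporting), say so in the description; otherwise case 1 needs its own handling. As a style point, putting the `fprintf` in an `else` would avoid the second `goto noload;`, and the existing comment could note that the message is deliberately suppressed for a disabled kernel.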


