[Michal Svoboda] > And why we want that? Because the function checks if we already have > a policy loaded in the kernel. 1 means yes, 0 means no and -1 means > no as well. No need to mess with mounting /proc ;-)
Can you test this patch and let me know if it work?
Index: src/init.c
===================================================================
--- src/init.c (revision 1888)
+++ src/init.c (working copy)
@@ -54,10 +54,6 @@
 #ifdef WITH_SELINUX
 # include <selinux/selinux.h>
-# include <sys/mount.h>
-# ifndef MNT_DETACH /* present in glibc 2.10, missing in 2.7 */
-# define MNT_DETACH 2
-# endif
 #endif
 #ifdef __i386__
@@ -2869,11 +2865,9 @@
 #ifdef WITH_SELINUX
 if (getenv("SELINUX_INIT") == NULL) {
- const int rc = mount("proc", "/proc", "proc", 0, 0);
- if (is_selinux_enabled() > 0) {
- putenv("SELINUX_INIT=YES");
- if (rc == 0) umount2("/proc", MNT_DETACH);
+ if (is_selinux_enabled() != 1) {
 if (selinux_init_load_policy(&enforce) == 0) {
+ putenv("SELINUX_INIT=YES");
 execv(myname, argv);
 } else {
 if (enforce > 0) {
@@ -2884,7 +2878,6 @@
 }
 }
 }
- if (rc == 0) umount2("/proc", MNT_DETACH);
 }
 #endif
 /* Start booting. */
Happy hacking,
-- Petter Reinholdtsen
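Review bot: In the second hunk (new line 2865 onward in src/init.c) the `execv(myname, argv)` call has no failure path: if it returns, the policy has already been loaded and `SELINUX_INIT=YES` is in the environment, yet init falls through to "Start booting" without having re-executed, presumably still in the context it held before the policy load. The return should be handled directly after the call, at minimum with `fprintf(stderr, "init: re-exec after SELinux policy load failed: %s\n", strerror(errno));`, and whether to halt when `enforce > 0` should follow what the existing else branch does, whose body lies outside the hunk. The new test also deserves a comment such as `/* is_selinux_enabled(): 1 = policy loaded; 0 and -1 both mean "not loaded", so attempt the load */`, because `!= 1` deliberately treats the error return the same as "disabled". The enclosing function starts and ends outside the hunk.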