Merged, thanks. -J. [[yocto] [meta-selinux] Check for the availability of 'secon' and 'setenforce' in the selinux-init.sh script.] On 13.09.26 (Thu 20:49) Philip Tricca wrote:
> This is for consistency and to aid in debugging.
>
> Signed-off-by: Philip Tricca <fl...@twobit.us>
> ---
> recipes-security/selinux/selinux-config/selinux-init.sh | 8 +++++---
> 1 file changed, 5 insertions(+), 3 deletions(-)
>
> diff --git a/recipes-security/selinux/selinux-config/selinux-init.sh
> b/recipes-security/selinux/selinux-config/selinux-init.sh
> index 1cdc3dd..8f3efac 100644
> --- a/recipes-security/selinux/selinux-config/selinux-init.sh
> +++ b/recipes-security/selinux/selinux-config/selinux-init.sh
> @@ -6,8 +6,10 @@ CHCON=/usr/bin/chcon
> MATCHPATHCON=/usr/sbin/matchpathcon
> FIXFILES=/sbin/fixfiles
> RESTORECON=/sbin/restorecon
> +SECON=/usr/bin/secon
> +SETENFORCE=/usr/sbin/setenforce
>
> -for i in ${CHCON} ${MATCHPATHCON} ${FIXFILES} ${RESTORECON} ; do
> +for i in ${CHCON} ${MATCHPATHCON} ${FIXFILES} ${RESTORECON} ${SECON}
> ${SETENFORCE}; do
> test -x $i && continue
> echo "$i is missing in the system."
> echo "Please add \"selinux=0\" in the kernel command line to disable
> SELinux."
> @@ -51,12 +53,12 @@ fi
>
> # If first booting, the security context type of init would be
> # "kernel_t", and the whole file system should be relabeled.
> -if [ "`/usr/bin/secon -t --pid 1`" = "kernel_t" ]; then
> +if [ "`${SECON} -t --pid 1`" = "kernel_t" ]; then
> echo "Checking SELinux security contexts:"
> check_rootfs
> echo " * First booting, filesystem will be relabeled..."
> test -x /etc/init.d/auditd && /etc/init.d/auditd start
> - /usr/sbin/setenforce 0
> + ${SETENFORCE} 0
> ${RESTORECON} -R /
> ${RESTORECON} /
> echo " * Relabel done, rebooting the system."
--
-Joe MacDonald.
:wq
signature.asc
Description: Digital signature
_______________________________________________ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto
