summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMike Frysinger <vapier@gentoo.org>2004-12-22 03:25:20 +0000
committerMike Frysinger <vapier@gentoo.org>2004-12-22 03:25:20 +0000
commitccca10aaea38f831eb0d0eb15d5636be158a2321 (patch)
treeafa6538b365c0016df8e360aab9f7539a0629f4c /sys-apps
parentStable on sparc (diff)
downloadhistorical-ccca10aaea38f831eb0d0eb15d5636be158a2321.tar.gz
historical-ccca10aaea38f831eb0d0eb15d5636be158a2321.tar.bz2
historical-ccca10aaea38f831eb0d0eb15d5636be158a2321.zip
Version bump #75007.
Diffstat (limited to 'sys-apps')
-rw-r--r--sys-apps/sysvinit/ChangeLog9
-rw-r--r--sys-apps/sysvinit/Manifest17
-rw-r--r--sys-apps/sysvinit/files/2.86-gentoo.patch25
-rw-r--r--sys-apps/sysvinit/files/2.86-selinux.patch219
-rw-r--r--sys-apps/sysvinit/files/digest-sysvinit-2.861
-rw-r--r--sys-apps/sysvinit/files/inittab7
-rw-r--r--sys-apps/sysvinit/files/sysvinit-2.86-selinux.patch242
-rw-r--r--sys-apps/sysvinit/sysvinit-2.86.ebuild64
8 files changed, 575 insertions, 9 deletions
diff --git a/sys-apps/sysvinit/ChangeLog b/sys-apps/sysvinit/ChangeLog
index d2824aeb3458..fdc2e48373cc 100644
--- a/sys-apps/sysvinit/ChangeLog
+++ b/sys-apps/sysvinit/ChangeLog
@@ -1,6 +1,13 @@
# ChangeLog for sys-apps/sysvinit
# Copyright 2002-2004 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-apps/sysvinit/ChangeLog,v 1.14 2004/08/24 03:37:25 swegener Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/sysvinit/ChangeLog,v 1.15 2004/12/22 03:25:20 vapier Exp $
+
+*sysvinit-2.86 (21 Dec 2004)
+
+ 21 Dec 2004; Mike Frysinger <vapier@gentoo.org> +files/2.86-gentoo.patch,
+ +files/2.86-selinux.patch, files/inittab,
+ +files/sysvinit-2.86-selinux.patch, +sysvinit-2.86.ebuild:
+ Version bump #75007.
24 Aug 2004; Sven Wegener <swegener@gentoo.org> sysvinit-2.85-r1.ebuild:
Sync IUSE (build and bootstrap missing)
diff --git a/sys-apps/sysvinit/Manifest b/sys-apps/sysvinit/Manifest
index d418ce8e756c..345686225383 100644
--- a/sys-apps/sysvinit/Manifest
+++ b/sys-apps/sysvinit/Manifest
@@ -1,16 +1,21 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
-MD5 0d7c267c0c504f5e5a322ae34f402552 ChangeLog 1943
+MD5 0301c1434f0e57f5c56b1f9fdd6fb794 ChangeLog 2176
MD5 9a09f8d531c582e78977dbfd96edc1f2 metadata.xml 164
+MD5 72a2318164da922dc920eba3e69efc80 sysvinit-2.86.ebuild 1962
MD5 4bb35af95759582d45324cdf3bc237b7 sysvinit-2.85-r1.ebuild 2545
-MD5 6e4627df68938fb6fd18afb1aea2bb8a files/inittab 1561
-MD5 38c0059ecfaa1b09e59a75cc2780aa94 files/digest-sysvinit-2.85-r1 64
+MD5 64af9a15df244a29ebd5d09307f21a9b files/digest-sysvinit-2.86 64
+MD5 5f94105e0b503a39fda5fb65d885e16c files/2.86-gentoo.patch 641
+MD5 ee95909bb06edb0cb0ffcb6800ce3226 files/2.86-selinux.patch 5706
+MD5 eb3296226618c9805517b4fca35c242e files/inittab 1672
+MD5 3c171d9c843284ce606663e4e6da26e9 files/sysvinit-2.86-selinux.patch 6448
MD5 3c171d9c843284ce606663e4e6da26e9 files/sysvinit-2.85-selinux.patch 6448
+MD5 38c0059ecfaa1b09e59a75cc2780aa94 files/digest-sysvinit-2.85-r1 64
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.9.10 (GNU/Linux)
-iD8DBQFBxvD7roRuSHgZdywRAv48AJ4zU5TGLKHzyoTn47VjahfjRBg+PQCfaflc
-phe7xGKxGrRh5w+6PN3AF48=
-=QvwE
+iD8DBQFByOk8roRuSHgZdywRAsWjAJ9zPDNjtnK63FjQDbUV76OqoQWdmQCZAW8x
+wx/26inoU2GrElDyhfv1m/I=
+=Bjww
-----END PGP SIGNATURE-----
diff --git a/sys-apps/sysvinit/files/2.86-gentoo.patch b/sys-apps/sysvinit/files/2.86-gentoo.patch
new file mode 100644
index 000000000000..c3322a8e2e00
--- /dev/null
+++ b/sys-apps/sysvinit/files/2.86-gentoo.patch
@@ -0,0 +1,25 @@
+--- src/Makefile.orig 2004-12-21 22:08:42.607088800 -0500
++++ src/Makefile 2004-12-21 22:12:56.409504968 -0500
+@@ -10,5 +10,3 @@
+
+-CC = gcc
+-CFLAGS = -Wall -O2 -fomit-frame-pointer -D_GNU_SOURCE
+-LDFLAGS = -s
++CFLAGS += -Wall -D_GNU_SOURCE
+ STATIC =
+@@ -33,2 +31,9 @@
+
++ifeq ($(DISTRO),Gentoo)
++SBIN += sulogin bootlogd
++USRBIN += utmpdump wall
++MAN1 += wall.1
++MAN8 += sulogin.8 bootlogd.8
++endif
++
+ ifeq ($(DISTRO),Debian)
+@@ -112,2 +117,5 @@
+ install:
++ $(INSTALL) -d $(ROOT)/bin $(ROOT)/sbin $(ROOT)/usr/bin \
++ $(ROOT)/usr/include $(ROOT)/$(MANDIR)/man1 $(ROOT)/$(MANDIR)/man5 \
++ $(ROOT)/$(MANDIR)/man8
+ for i in $(BIN); do \
diff --git a/sys-apps/sysvinit/files/2.86-selinux.patch b/sys-apps/sysvinit/files/2.86-selinux.patch
new file mode 100644
index 000000000000..9bda14ef63a7
--- /dev/null
+++ b/sys-apps/sysvinit/files/2.86-selinux.patch
@@ -0,0 +1,219 @@
+--- sysvinit-2.85/src/Makefile.selinux 2004-06-09 15:28:47.439412648 -0400
++++ sysvinit-2.85/src/Makefile 2004-06-09 15:28:47.517400792 -0400
+@@ -12,2 +12,4 @@
+ STATIC =
++CFLAGS += -DWITH_SELINUX
++LDFLAGS += -lselinux
+
+--- sysvinit-2.85/src/init.c.selinux 2004-06-09 15:28:47.478406720 -0400
++++ sysvinit-2.85/src/init.c 2004-06-09 15:29:03.208015456 -0400
+@@ -48,6 +48,10 @@
+ #include <stdarg.h>
+ #include <sys/syslog.h>
+ #include <sys/time.h>
++#include <sys/mman.h>
++#include <selinux/selinux.h>
++#include <sys/mount.h>
++
+
+ #ifdef __i386__
+ # if (__GLIBC__ >= 2)
+@@ -103,6 +107,7 @@
+ int dfl_level = 0; /* Default runlevel */
+ sig_atomic_t got_cont = 0; /* Set if we received the SIGCONT signal */
+ sig_atomic_t got_signals; /* Set if we received a signal. */
++int enforcing = -1; /* SELinux enforcing mode */
+ int emerg_shell = 0; /* Start emergency shell? */
+ int wrote_wtmp_reboot = 1; /* Set when we wrote the reboot record */
+ int wrote_utmp_reboot = 1; /* Set when we wrote the reboot record */
+@@ -187,6 +192,130 @@
+ {NULL,0}
+ };
+
++/* Mount point for selinuxfs. */
++#define SELINUXMNT "/selinux/"
++
++static int load_policy(int *enforce)
++{
++ int fd=-1,ret=-1;
++ int rc=0;
++ struct stat sb;
++ void *map;
++ char policy_file[PATH_MAX];
++ int policy_version=0;
++ extern char *selinux_mnt;
++ FILE *cfg;
++ char buf[4096];
++ int seconfig = -2;
++
++ selinux_getenforcemode(&seconfig);
++
++ mount("none", "/proc", "proc", 0, 0);
++ cfg = fopen("/proc/cmdline","r");
++ if (cfg) {
++ char *tmp;
++ if (fgets(buf,4096,cfg) && (tmp = strstr(buf,"enforcing="))) {
++ if (tmp == buf || isspace(*(tmp-1))) {
++ enforcing=atoi(tmp+10);
++ }
++ }
++ fclose(cfg);
++ }
++#define MNT_DETACH 2
++ umount2("/proc",MNT_DETACH);
++
++ if (enforcing >=0)
++ *enforce = enforcing;
++ else if (seconfig == 1)
++ *enforce = 1;
++
++ if (mount("none", SELINUXMNT, "selinuxfs", 0, 0) < 0) {
++ if (errno == ENODEV) {
++ log(L_VB, "SELinux not supported by kernel: %s\n",SELINUXMNT,strerror(errno));
++ *enforce = 0;
++ } else {
++ log(L_VB, "Failed to mount %s: %s\n",SELINUXMNT,strerror(errno));
++ }
++ return ret;
++ }
++
++ selinux_mnt = SELINUXMNT; /* set manually since we mounted it */
++
++ policy_version=security_policyvers();
++ if (policy_version < 0) {
++ log(L_VB, "Can't get policy version: %s\n", strerror(errno));
++ goto UMOUNT;
++ }
++
++ rc = security_getenforce();
++ if (rc < 0) {
++ log(L_VB, "Can't get SELinux enforcement flag: %s\n", strerror(errno));
++ goto UMOUNT;
++ }
++ if (enforcing >= 0) {
++ *enforce = enforcing;
++ } else if (seconfig == -1) {
++ *enforce = 0;
++ rc = security_disable();
++ if (rc == 0) umount(SELINUXMNT);
++ if (rc < 0) {
++ rc = security_setenforce(0);
++ if (rc < 0) {
++ log(L_VB, "Can't disable SELinux: %s\n", strerror(errno));
++ goto UMOUNT;
++ }
++ }
++ ret = 0;
++ goto UMOUNT;
++ } else if (seconfig >= 0) {
++ *enforce = seconfig;
++ rc = security_setenforce(seconfig);
++ if (rc < 0) {
++ log(L_VB, "Can't set SELinux enforcement flag: %s\n", strerror(errno));
++ goto UMOUNT;
++ }
++ }
++
++ snprintf(policy_file,sizeof(policy_file),"%s.%d",selinux_binary_policy_path(),policy_version);
++ fd = open(policy_file, O_RDONLY);
++ if (fd < 0) {
++ /* Check previous version to see if old policy is available
++ */
++ snprintf(policy_file,sizeof(policy_file),"%s.%d",selinux_binary_policy_path(),policy_version-1);
++ fd = open(policy_file, O_RDONLY);
++ if (fd < 0) {
++ log(L_VB, "Can't open '%s.%d': %s\n",
++ selinux_binary_policy_path(),policy_version,strerror(errno));
++ goto UMOUNT;
++ }
++ }
++
++ if (fstat(fd, &sb) < 0) {
++ log(L_VB, "Can't stat '%s': %s\n",
++ policy_file, strerror(errno));
++ goto UMOUNT;
++ }
++
++ map = mmap(NULL, sb.st_size, PROT_READ, MAP_SHARED, fd, 0);
++ if (map == MAP_FAILED) {
++ log(L_VB, "Can't map '%s': %s\n",
++ policy_file, strerror(errno));
++ goto UMOUNT;
++ }
++ log(L_VB, "Loading security policy\n");
++ ret=security_load_policy(map, sb.st_size);
++ if (ret < 0) {
++ log(L_VB, "security_load_policy failed\n");
++ }
++
++UMOUNT:
++ /*umount(SELINUXMNT); */
++ if ( fd >= 0) {
++ close(fd);
++ }
++ return(ret);
++}
++
+ /*
+ * Sleep a number of seconds.
+ *
+@@ -2513,6 +2642,7 @@
+ char *p;
+ int f;
+ int isinit;
++ int enforce = 0;
+
+ /* Get my own name */
+ if ((p = strrchr(argv[0], '/')) != NULL)
+@@ -2576,6 +2706,20 @@
+ maxproclen += strlen(argv[f]) + 1;
+ }
+
++ if (getenv("SELINUX_INIT") == NULL) {
++ putenv("SELINUX_INIT=YES");
++ if (load_policy(&enforce) == 0 ) {
++ execv(myname, argv);
++ } else {
++ if (enforce > 0) {
++ /* SELinux in enforcing mode but load_policy failed */
++ /* At this point, we probably can't open /dev/console, so log() won't work */
++ printf("Enforcing mode requested but no policy loaded. Halting now.\n");
++ exit(1);
++ }
++ }
++ }
++
+ /* Start booting. */
+ argv0 = argv[0];
+ argv[1] = NULL;
+--- sysvinit-2.85/src/sulogin.c.selinux 2004-06-09 15:28:47.321430584 -0400
++++ sysvinit-2.85/src/sulogin.c 2004-06-09 15:28:47.523399880 -0400
+@@ -28,7 +28,10 @@
+ #if defined(__GLIBC__)
+ # include <crypt.h>
+ #endif
+-
++#ifdef WITH_SELINUX
++#include <selinux/selinux.h>
++#include <selinux/get_context_list.h>
++#endif
+ #define CHECK_DES 1
+ #define CHECK_MD5 1
+
+@@ -332,6 +335,16 @@
+ signal(SIGINT, SIG_DFL);
+ signal(SIGTSTP, SIG_DFL);
+ signal(SIGQUIT, SIG_DFL);
++#ifdef WITH_SELINUX
++ if (is_selinux_enabled > 0) {
++ security_context_t* contextlist=NULL;
++ if (get_ordered_context_list("root", 0, &contextlist) > 0) {
++ if (setexeccon(contextlist[0]) != 0)
++ fprintf(stderr, "setexeccon faile\n");
++ freeconary(contextlist);
++ }
++ }
++#endif
+ execl(sushell, shell, NULL);
+ perror(sushell);
+
diff --git a/sys-apps/sysvinit/files/digest-sysvinit-2.86 b/sys-apps/sysvinit/files/digest-sysvinit-2.86
new file mode 100644
index 000000000000..54a6379cb3f0
--- /dev/null
+++ b/sys-apps/sysvinit/files/digest-sysvinit-2.86
@@ -0,0 +1 @@
+MD5 7d5d61c026122ab791ac04c8a84db967 sysvinit-2.86.tar.gz 99009
diff --git a/sys-apps/sysvinit/files/inittab b/sys-apps/sysvinit/files/inittab
index 95be8f10ca95..ab1baf3da7c2 100644
--- a/sys-apps/sysvinit/files/inittab
+++ b/sys-apps/sysvinit/files/inittab
@@ -7,9 +7,8 @@
# Modified by: Daniel Robbins, <drobbins@gentoo.org>
# Modified by: Martin Schlemmer, <azarah@gentoo.org>
#
-# $Header: /var/cvsroot/gentoo-x86/sys-apps/sysvinit/files/inittab,v 1.1 2004/06/29 19:32:50 agriffis Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/sysvinit/files/inittab,v 1.2 2004/12/22 03:25:20 vapier Exp $
-#
# Default runlevel.
id:3:initdefault:
@@ -36,6 +35,10 @@ c4:12345:respawn:/sbin/agetty 38400 tty4 linux
c5:12345:respawn:/sbin/agetty 38400 tty5 linux
c6:12345:respawn:/sbin/agetty 38400 tty6 linux
+# SERIAL CONSOLES
+#s0:12345:respawn:/sbin/agetty 9600 ttyS0 vt100
+#s1:12345:respawn:/sbin/agetty 9600 ttyS1 vt100
+
# What to do at the "Three Finger Salute".
ca:12345:ctrlaltdel:/sbin/shutdown -r now
diff --git a/sys-apps/sysvinit/files/sysvinit-2.86-selinux.patch b/sys-apps/sysvinit/files/sysvinit-2.86-selinux.patch
new file mode 100644
index 000000000000..4ba08b635071
--- /dev/null
+++ b/sys-apps/sysvinit/files/sysvinit-2.86-selinux.patch
@@ -0,0 +1,242 @@
+--- sysvinit-2.85/src/Makefile.selinux 2004-06-09 15:28:47.439412648 -0400
++++ sysvinit-2.85/src/Makefile 2004-06-09 15:28:47.517400792 -0400
+@@ -35,7 +35,7 @@
+ all: $(PROGS)
+
+ init: init.o init_utmp.o
+- $(CC) $(LDFLAGS) $(STATIC) -o $@ init.o init_utmp.o
++ $(CC) $(LDFLAGS) $(STATIC) -o $@ init.o init_utmp.o -lselinux
+
+ halt: halt.o ifdown.o hddown.o utmp.o reboot.h
+ $(CC) $(LDFLAGS) -o $@ halt.o ifdown.o hddown.o utmp.o
+@@ -53,7 +53,7 @@
+ $(CC) $(LDFLAGS) -o $@ runlevel.o
+
+ sulogin: sulogin.o
+- $(CC) $(LDFLAGS) $(STATIC) -o $@ sulogin.o $(LCRYPT)
++ $(CC) $(LDFLAGS) $(STATIC) -DWITH_SELINUX -o $@ sulogin.o $(LCRYPT) -lselinux
+
+ wall: dowall.o wall.o
+ $(CC) $(LDFLAGS) -o $@ dowall.o wall.o
+@@ -64,7 +64,7 @@
+ bootlogd: bootlogd.o
+ $(CC) $(LDFLAGS) -o $@ bootlogd.o
+
+ init.o: init.c init.h set.h reboot.h
+- $(CC) -c $(CFLAGS) init.c
++ $(CC) -c $(CFLAGS) -DWITH_SELINUX init.c
+
+ utmp.o: utmp.c init.h
+ $(CC) -c $(CFLAGS) utmp.c
+--- sysvinit-2.85/src/init.c.selinux 2004-06-09 15:28:47.478406720 -0400
++++ sysvinit-2.85/src/init.c 2004-06-09 15:29:03.208015456 -0400
+@@ -48,6 +48,10 @@
+ #include <stdarg.h>
+ #include <sys/syslog.h>
+ #include <sys/time.h>
++#include <sys/mman.h>
++#include <selinux/selinux.h>
++#include <sys/mount.h>
++
+
+ #ifdef __i386__
+ # if (__GLIBC__ >= 2)
+@@ -103,6 +107,7 @@
+ int dfl_level = 0; /* Default runlevel */
+ sig_atomic_t got_cont = 0; /* Set if we received the SIGCONT signal */
+ sig_atomic_t got_signals; /* Set if we received a signal. */
++int enforcing = -1; /* SELinux enforcing mode */
+ int emerg_shell = 0; /* Start emergency shell? */
+ int wrote_wtmp_reboot = 1; /* Set when we wrote the reboot record */
+ int wrote_utmp_reboot = 1; /* Set when we wrote the reboot record */
+@@ -187,6 +192,130 @@
+ {NULL,0}
+ };
+
++/* Mount point for selinuxfs. */
++#define SELINUXMNT "/selinux/"
++
++static int load_policy(int *enforce)
++{
++ int fd=-1,ret=-1;
++ int rc=0;
++ struct stat sb;
++ void *map;
++ char policy_file[PATH_MAX];
++ int policy_version=0;
++ extern char *selinux_mnt;
++ FILE *cfg;
++ char buf[4096];
++ int seconfig = -2;
++
++ selinux_getenforcemode(&seconfig);
++
++ mount("none", "/proc", "proc", 0, 0);
++ cfg = fopen("/proc/cmdline","r");
++ if (cfg) {
++ char *tmp;
++ if (fgets(buf,4096,cfg) && (tmp = strstr(buf,"enforcing="))) {
++ if (tmp == buf || isspace(*(tmp-1))) {
++ enforcing=atoi(tmp+10);
++ }
++ }
++ fclose(cfg);
++ }
++#define MNT_DETACH 2
++ umount2("/proc",MNT_DETACH);
++
++ if (enforcing >=0)
++ *enforce = enforcing;
++ else if (seconfig == 1)
++ *enforce = 1;
++
++ if (mount("none", SELINUXMNT, "selinuxfs", 0, 0) < 0) {
++ if (errno == ENODEV) {
++ log(L_VB, "SELinux not supported by kernel: %s\n",SELINUXMNT,strerror(errno));
++ *enforce = 0;
++ } else {
++ log(L_VB, "Failed to mount %s: %s\n",SELINUXMNT,strerror(errno));
++ }
++ return ret;
++ }
++
++ selinux_mnt = SELINUXMNT; /* set manually since we mounted it */
++
++ policy_version=security_policyvers();
++ if (policy_version < 0) {
++ log(L_VB, "Can't get policy version: %s\n", strerror(errno));
++ goto UMOUNT;
++ }
++
++ rc = security_getenforce();
++ if (rc < 0) {
++ log(L_VB, "Can't get SELinux enforcement flag: %s\n", strerror(errno));
++ goto UMOUNT;
++ }
++ if (enforcing >= 0) {
++ *enforce = enforcing;
++ } else if (seconfig == -1) {
++ *enforce = 0;
++ rc = security_disable();
++ if (rc == 0) umount(SELINUXMNT);
++ if (rc < 0) {
++ rc = security_setenforce(0);
++ if (rc < 0) {
++ log(L_VB, "Can't disable SELinux: %s\n", strerror(errno));
++ goto UMOUNT;
++ }
++ }
++ ret = 0;
++ goto UMOUNT;
++ } else if (seconfig >= 0) {
++ *enforce = seconfig;
++ rc = security_setenforce(seconfig);
++ if (rc < 0) {
++ log(L_VB, "Can't set SELinux enforcement flag: %s\n", strerror(errno));
++ goto UMOUNT;
++ }
++ }
++
++ snprintf(policy_file,sizeof(policy_file),"%s.%d",selinux_binary_policy_path(),policy_version);
++ fd = open(policy_file, O_RDONLY);
++ if (fd < 0) {
++ /* Check previous version to see if old policy is available
++ */
++ snprintf(policy_file,sizeof(policy_file),"%s.%d",selinux_binary_policy_path(),policy_version-1);
++ fd = open(policy_file, O_RDONLY);
++ if (fd < 0) {
++ log(L_VB, "Can't open '%s.%d': %s\n",
++ selinux_binary_policy_path(),policy_version,strerror(errno));
++ goto UMOUNT;
++ }
++ }
++
++ if (fstat(fd, &sb) < 0) {
++ log(L_VB, "Can't stat '%s': %s\n",
++ policy_file, strerror(errno));
++ goto UMOUNT;
++ }
++
++ map = mmap(NULL, sb.st_size, PROT_READ, MAP_SHARED, fd, 0);
++ if (map == MAP_FAILED) {
++ log(L_VB, "Can't map '%s': %s\n",
++ policy_file, strerror(errno));
++ goto UMOUNT;
++ }
++ log(L_VB, "Loading security policy\n");
++ ret=security_load_policy(map, sb.st_size);
++ if (ret < 0) {
++ log(L_VB, "security_load_policy failed\n");
++ }
++
++UMOUNT:
++ /*umount(SELINUXMNT); */
++ if ( fd >= 0) {
++ close(fd);
++ }
++ return(ret);
++}
++
+ /*
+ * Sleep a number of seconds.
+ *
+@@ -2513,6 +2642,7 @@
+ char *p;
+ int f;
+ int isinit;
++ int enforce = 0;
+
+ /* Get my own name */
+ if ((p = strrchr(argv[0], '/')) != NULL)
+@@ -2576,6 +2706,20 @@
+ maxproclen += strlen(argv[f]) + 1;
+ }
+
++ if (getenv("SELINUX_INIT") == NULL) {
++ putenv("SELINUX_INIT=YES");
++ if (load_policy(&enforce) == 0 ) {
++ execv(myname, argv);
++ } else {
++ if (enforce > 0) {
++ /* SELinux in enforcing mode but load_policy failed */
++ /* At this point, we probably can't open /dev/console, so log() won't work */
++ printf("Enforcing mode requested but no policy loaded. Halting now.\n");
++ exit(1);
++ }
++ }
++ }
++
+ /* Start booting. */
+ argv0 = argv[0];
+ argv[1] = NULL;
+--- sysvinit-2.85/src/sulogin.c.selinux 2004-06-09 15:28:47.321430584 -0400
++++ sysvinit-2.85/src/sulogin.c 2004-06-09 15:28:47.523399880 -0400
+@@ -28,7 +28,10 @@
+ #if defined(__GLIBC__)
+ # include <crypt.h>
+ #endif
+-
++#ifdef WITH_SELINUX
++#include <selinux/selinux.h>
++#include <selinux/get_context_list.h>
++#endif
+ #define CHECK_DES 1
+ #define CHECK_MD5 1
+
+@@ -332,6 +335,16 @@
+ signal(SIGINT, SIG_DFL);
+ signal(SIGTSTP, SIG_DFL);
+ signal(SIGQUIT, SIG_DFL);
++#ifdef WITH_SELINUX
++ if (is_selinux_enabled > 0) {
++ security_context_t* contextlist=NULL;
++ if (get_ordered_context_list("root", 0, &contextlist) > 0) {
++ if (setexeccon(contextlist[0]) != 0)
++ fprintf(stderr, "setexeccon faile\n");
++ freeconary(contextlist);
++ }
++ }
++#endif
+ execl(sushell, shell, NULL);
+ perror(sushell);
+
diff --git a/sys-apps/sysvinit/sysvinit-2.86.ebuild b/sys-apps/sysvinit/sysvinit-2.86.ebuild
new file mode 100644
index 000000000000..dd3e1cd19272
--- /dev/null
+++ b/sys-apps/sysvinit/sysvinit-2.86.ebuild
@@ -0,0 +1,64 @@
+# Copyright 1999-2004 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+# $Header: /var/cvsroot/gentoo-x86/sys-apps/sysvinit/sysvinit-2.86.ebuild,v 1.1 2004/12/22 03:25:20 vapier Exp $
+
+inherit eutils toolchain-funcs
+
+DESCRIPTION="/sbin/init - parent of all processes"
+HOMEPAGE="http://freshmeat.net/projects/sysvinit/"
+SRC_URI="ftp://ftp.cistron.nl/pub/people/miquels/software/${P}.tar.gz
+ ftp://sunsite.unc.edu/pub/Linux/system/daemons/init/${P}.tar.gz"
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86"
+KEYWORDS="-*"
+IUSE="selinux bootstrap build"
+
+RDEPEND="selinux? ( >=sys-libs/libselinux-1.14 )"
+DEPEND="${RDEPEND}
+ virtual/os-headers"
+
+src_unpack() {
+ unpack ${A}
+ cd ${S}/src
+
+ epatch ${FILESDIR}/${PV}-gentoo.patch
+ use selinux && epatch ${FILESDIR}/${PV}-selinux.patch
+}
+
+src_compile() {
+ # Note: The LCRYPT define below overrides the test in
+ # sysvinit's Makefile. This is because sulogin must be linked
+ # to libcrypt in any case, but when building stage2 in
+ # catalyst, /usr/lib/libcrypt.a isn't available. In truth
+ # this doesn't change how sulogin is built since ld would use
+ # the shared obj by default anyway! The other option is to
+ # refrain from building sulogin, but that isn't a good option.
+ # (09 Jul 2004 agriffis)
+ emake -C src \
+ CC=$(tc-getCC) \
+ DISTRO="Gentoo" \
+ LCRYPT="-lcrypt" \
+ || die
+}
+
+src_install() {
+ dodoc README doc/*
+
+ cd src
+ make install DISTRO="Gentoo" ROOT="${D}" || die "make install"
+
+ insinto /etc
+ doins ${FILESDIR}/inittab || die "inittab"
+}
+
+pkg_postinst() {
+ # Reload init to fix unmounting problems of / on next reboot.
+ # This is really needed, as without the new version of init cause init
+ # not to quit properly on reboot, and causes a fsck of / on next reboot.
+ if [[ ${ROOT} == / ]] && ! use build && ! use bootstrap; then
+ # Do not return an error if this fails
+ /sbin/init U &>/dev/null
+ fi
+}