--- sysvinit-2.85/src/init.c.selinux 2003-11-10 14:56:40.687719862 -0500 +++ sysvinit-2.85/src/init.c 2003-11-10 14:56:55.856964055 -0500 @@ -78,6 +78,78 @@ sigemptyset(&sa.sa_mask); \ sigaction(sig, &sa, NULL); \ } while(0) +#ifdef WITH_SELINUX +#include +#include +#include + +static int load_policy(int *enforce) +{ + int fd=-1,ret=-1; + int rc=0; + struct stat sb; + void *map; + char policy_file[PATH_MAX]; + int policy_version=0; + + log(L_VB, "Loading security policy\n"); + if (mount("none", SELINUXMNT, "selinuxfs", 0, 0) < 0) { + if (errno == ENODEV) { + log(L_VB, "SELinux not supported by kernel: %s\n",SELINUXMNT,strerror(errno)); + } + else { + log(L_VB, "Failed to mount %s: %s\n",SELINUXMNT,strerror(errno)); + return ret; + } + return ret; /* Never gets here */ + } + + policy_version=security_policyvers(); + if (policy_version < 0) { + log(L_VB, "Can't get policy version: %s\n", strerror(errno)); + goto UMOUNT; + } + + rc=security_getenforce(); + if (rc < 0) { + log(L_VB, "Can't get SELinux enforcement flag: %s\n", strerror(errno)); + goto UMOUNT; + } + *enforce=rc; + + snprintf(policy_file,sizeof(policy_file),"%s.%d",SELINUXPOLICY,policy_version); + fd = open(policy_file, O_RDONLY); + if (fd < 0) { + log(L_VB, "Can't open '%s': %s\n", + policy_file, strerror(errno)); + goto UMOUNT; + } + + if (fstat(fd, &sb) < 0) { + log(L_VB, "Can't stat '%s': %s\n", + policy_file, strerror(errno)); + goto UMOUNT; + } + + map = mmap(NULL, sb.st_size, PROT_READ, MAP_SHARED, fd, 0); + if (map == MAP_FAILED) { + log(L_VB, "Can't map '%s': %s\n", + policy_file, strerror(errno)); + goto UMOUNT; + } + ret=security_load_policy(map, sb.st_size); + if (ret < 0) { + log(L_VB, "security_load_policy failed\n"); + } + + UMOUNT: + umount(SELINUXMNT); + if ( fd >= 0) { + close(fd); + } + return(ret); +} +#endif /* Version information */ char *Version = "@(#) init " VERSION " " DATE " miquels@cistron.nl"; @@ -2576,6 +2648,20 @@ maxproclen += strlen(argv[f]) + 1; } +#ifdef WITH_SELINUX + if (getenv("SELINUX_INIT") == NULL) { + putenv("SELINUX_INIT=YES"); + int enforce=0; + if (load_policy(&enforce) == 0 ) { + execv(myname, argv); + } else { + if (enforce) + /* SELinux in enforcing mode but load_policy failed */ + exit(1); + } + } +#endif + /* Start booting. */ argv0 = argv[0]; argv[1] = NULL; --- sysvinit-2.85/src/Makefile.selinux 2003-11-10 14:56:40.430749605 -0500 +++ sysvinit-2.85/src/Makefile 2003-11-10 14:56:40.725715464 -0500 @@ -32,7 +32,7 @@ all: $(PROGS) init: init.o init_utmp.o - $(CC) $(LDFLAGS) $(STATIC) -o $@ init.o init_utmp.o + $(CC) $(LDFLAGS) $(STATIC) -o $@ init.o init_utmp.o -lselinux halt: halt.o ifdown.o hddown.o utmp.o reboot.h $(CC) $(LDFLAGS) -o $@ halt.o ifdown.o hddown.o utmp.o @@ -62,7 +62,7 @@ $(CC) $(LDFLAGS) -o $@ bootlogd.o init.o: init.c init.h set.h reboot.h - $(CC) -c $(CFLAGS) init.c + $(CC) -c $(CFLAGS) -DWITH_SELINUX init.c utmp.o: utmp.c init.h $(CC) -c $(CFLAGS) utmp.c