Re: [RFC] change policy loading to initramfs

Peter Jones (pjones@xxxxxxxxxx) said: 
> int loadPolicyCommand(char *cmd, char *end)
> {
>     int enforce = 0;
>     int rootfd;
>
>     rootfd = open("/", O_DIRECTORY|O_RDONLY);
>     if (rootfd < 0) {
>         eprintf("loadpolicy: could not open directory: %m\n");
>         exit(1);
>     }
>     if (chroot("/sysroot") != 0) {
>         eprintf("loadpolicy: chroot failed: %m\n");
>         exit(1);
>     }
>     if (selinux_init_policy(&enforce) != 0) {
>         eprintf("Unable to load SELinux policy (%m). Halting now.\n");
>         exit(1);
>     }

selinux_init_load_policy is what handles enforcing=0/selinux=0 on the
command line - you only want to halt if you get back that it failed
and you're in enforcing mode. (Similarly, not sure if chdir/chroot
should be fatal errors.)

Bill

--
fedora-selinux-list mailing list
fedora-selinux-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-selinux-list
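
The halt rule described in the reply above, as an added example that is not part of the original thread or of the initramfs code under discussion: halt only when the policy load fails and enforcing mode was requested. The names `load_policy_decide`, `boot_action` and the `fake_*` loaders are hypothetical; the loaders are constructed stand-ins with the same signature as libselinux's `selinux_init_load_policy(int *enforce)`, so the block builds without libselinux.

```c
#include <stdio.h>

/* Same shape as libselinux's selinux_init_load_policy(int *enforce):
 * returns 0 on success and -1 otherwise, and stores the enforcing mode
 * requested by the kernel command line / config in *enforce. */
typedef int (*policy_loader_fn)(int *enforce);

enum boot_action { BOOT_CONTINUE = 0, BOOT_HALT = 1 };

/* Hypothetical helper: decide what the initramfs should do after the
 * initial policy load. A failed load is fatal only in enforcing mode. */
enum boot_action load_policy_decide(policy_loader_fn load)
{
    int enforce = 0;

    if (load(&enforce) == 0)
        return BOOT_CONTINUE;           /* policy loaded */

    if (enforce > 0) {
        fprintf(stderr, "loadpolicy: policy load failed in enforcing mode, halting\n");
        return BOOT_HALT;
    }

    /* enforcing=0 or selinux=0: report the failure and keep booting. */
    fprintf(stderr, "loadpolicy: policy load failed, not enforcing, continuing\n");
    return BOOT_CONTINUE;
}

/* Constructed stand-ins for the real loader, one per outcome. */
int fake_ok_enforcing(int *enforce)    { *enforce = 1; return 0;  }
int fake_fail_enforcing(int *enforce)  { *enforce = 1; return -1; }
int fake_fail_permissive(int *enforce) { *enforce = 0; return -1; }

int main(void)
{
    /* In the initramfs, BOOT_HALT is where exit(1) would be called. */
    printf("ok/enforcing     -> %d\n", load_policy_decide(fake_ok_enforcing));
    printf("fail/enforcing   -> %d\n", load_policy_decide(fake_fail_enforcing));
    printf("fail/permissive  -> %d\n", load_policy_decide(fake_fail_permissive));
    return 0;
}
```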
