This check is a remnant of the libselinux <2.5 era, back when
is_selinux_enabled() checked whether a policy had been loaded. Nowadays
it only checks whether selinuxfs is mounted, and "load_policy -i"
therefore incorrectly refuses operation when selinuxfs is mounted, but
no policy has been loaded yet.
While it doesn't make much sense to call selinux_init_load_policy()
twice, there's no harm in doing so either, so let's just drop this
safeguard instead of fixing it.
---
policycoreutils/load_policy/load_policy.c | 7 -------
1 file changed, 7 deletions(-)
diff --git a/policycoreutils/load_policy/load_policy.c b/policycoreutils/load_policy/load_policy.c
index 7c2c2a7..2707d6f 100644
--- a/policycoreutils/load_policy/load_policy.c
+++ b/policycoreutils/load_policy/load_policy.c
@@ -65,13 +65,6 @@ int main(int argc, char **argv)
argv[0], argv[optind++]);
}
if (init) {
- if (is_selinux_enabled() == 1) {
- /* SELinux is already enabled, we should not do an initial load again */
- fprintf(stderr,
- _("%s: Policy is already loaded and initial load requested\n"),
- argv[0]);
- exit(2);
- }
ret = selinux_init_load_policy(&enforce);
if (ret != 0 ) {
if (enforce > 0) {
--
2.12.2
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
