As reported in: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864479 using a kernel configuration with CONFIG_SECURITY_SELINUX_DISABLE=n and a /etc/selinux/config with SELINUX=disabled leads to a boot failure. Fix this by always unmounting selinuxfs if /etc/selinux/config has SELINUX=disabled even if unable to successfully disable SELinux. This will ensure that subsequent is_selinux_enabled() tests will return 0 (disabled) and userspace will therefore skip any SELinux processing. Reported-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx> Reported-by: Laurent Bigonville <bigon@xxxxxxxxxx> Signed-off-by: Stephen Smalley <sds@xxxxxxxxxxxxx> --- libselinux/src/load_policy.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/libselinux/src/load_policy.c b/libselinux/src/load_policy.c index 7f08311..e9f1264 100644 --- a/libselinux/src/load_policy.c +++ b/libselinux/src/load_policy.c @@ -449,8 +449,11 @@ int selinux_init_load_policy(int *enforce) } } - if (seconfig == -1) + if (seconfig == -1) { + umount(selinux_mnt); + fini_selinuxmnt(); goto noload; + } /* Load the policy. */ return selinux_mkload_policy(0); -- 2.9.4
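
Review bot: the return value of umount(selinux_mnt) in the new "if (seconfig == -1) {" block is ignored, so a failed unmount goes to noload silently with selinuxfs still mounted, and the commit message's goal that subsequent is_selinux_enabled() tests return 0 is then not ensured. Consider checking the result and logging a warning on failure before calling fini_selinuxmnt(). A short comment above the block would also help, saying that the unmount is done on purpose even when SELinux could not be disabled in the kernel (the CONFIG_SECURITY_SELINUX_DISABLE=n case from the bug report), since that reasoning is only in the commit message and not in the code.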