|
Michal Schmidt |
706a2f |
From ef9d7dca5463e64510e174d55a869b4d5a3c4e84 Mon Sep 17 00:00:00 2001
|
|
Michal Schmidt |
706a2f |
From: Michal Schmidt <mschmidt@redhat.com>
|
|
Michal Schmidt |
706a2f |
Date: Tue, 7 Jun 2011 00:48:16 +0200
|
|
Michal Schmidt |
706a2f |
Subject: [PATCH 4/4] selinux: selinuxfs can be mounted on /sys/fs/selinux
|
|
Michal Schmidt |
706a2f |
|
|
Michal Schmidt |
706a2f |
The kernel now provides the /sys/fs/selinux mountpoint and libselinux
|
|
Michal Schmidt |
706a2f |
prefers it if it's available.
|
|
Michal Schmidt |
706a2f |
|
|
Michal Schmidt |
706a2f |
systemd currently tests only for /selinux and this leads to an infinite
|
|
Michal Schmidt |
706a2f |
loop of policy reloads in the latest Rawhide.
|
|
Michal Schmidt |
706a2f |
|
|
Michal Schmidt |
706a2f |
Fix it by checking both possible mountpoints.
|
|
Michal Schmidt |
706a2f |
Also add the new path to ignore_paths[].
|
|
Michal Schmidt |
706a2f |
|
|
Michal Schmidt |
706a2f |
/selinux appears also in nspawn.c. I don't think it's necessary to
|
|
Michal Schmidt |
706a2f |
change it there at this point.
|
|
Michal Schmidt |
706a2f |
|
|
Michal Schmidt |
706a2f |
https://bugzilla.redhat.com/show_bug.cgi?id=711015
|
|
Michal Schmidt |
706a2f |
---
|
|
Michal Schmidt |
706a2f |
src/mount-setup.c | 1 +
|
|
Michal Schmidt |
706a2f |
src/selinux-setup.c | 3 ++-
|
|
Michal Schmidt |
706a2f |
2 files changed, 3 insertions(+), 1 deletions(-)
|
|
Michal Schmidt |
706a2f |
|
|
Michal Schmidt |
706a2f |
diff --git a/src/mount-setup.c b/src/mount-setup.c
|
|
Michal Schmidt |
706a2f |
index 48c32ea..6feee6a 100644
|
|
Michal Schmidt |
706a2f |
--- a/src/mount-setup.c
|
|
Michal Schmidt |
706a2f |
+++ b/src/mount-setup.c
|
|
Michal Schmidt |
706a2f |
@@ -63,6 +63,7 @@ static const MountPoint mount_table[] = {
|
|
Michal Schmidt |
706a2f |
* we just list them here so that we know that we should ignore them */
|
|
Michal Schmidt |
706a2f |
|
|
Michal Schmidt |
706a2f |
static const char * const ignore_paths[] = {
|
|
Michal Schmidt |
706a2f |
+ "/sys/fs/selinux",
|
|
Michal Schmidt |
706a2f |
"/selinux",
|
|
Michal Schmidt |
706a2f |
"/proc/bus/usb"
|
|
Michal Schmidt |
706a2f |
};
|
|
Michal Schmidt |
706a2f |
diff --git a/src/selinux-setup.c b/src/selinux-setup.c
|
|
Michal Schmidt |
706a2f |
index c32c7ad..9ff27dc 100644
|
|
Michal Schmidt |
706a2f |
--- a/src/selinux-setup.c
|
|
Michal Schmidt |
706a2f |
+++ b/src/selinux-setup.c
|
|
Michal Schmidt |
706a2f |
@@ -39,7 +39,8 @@ int selinux_setup(char *const argv[]) {
|
|
Michal Schmidt |
706a2f |
int enforce = 0;
|
|
Michal Schmidt |
706a2f |
|
|
Michal Schmidt |
706a2f |
/* Already initialized? */
|
|
Michal Schmidt |
706a2f |
- if (path_is_mount_point("/selinux") > 0)
|
|
Michal Schmidt |
706a2f |
+ if (path_is_mount_point("/sys/fs/selinux") > 0 ||
|
|
Michal Schmidt |
706a2f |
+ path_is_mount_point("/selinux") > 0)
|
|
Michal Schmidt |
706a2f |
return 0;
|
|
Michal Schmidt |
706a2f |
|
|
Michal Schmidt |
706a2f |
/* Before we load the policy we create a flag file to ensure
|
|
Michal Schmidt |
706a2f |
--
|
|
Michal Schmidt |
706a2f |
1.7.4.4
|
|
Michal Schmidt |
706a2f |
|