Package: initscripts
Version: 2.86.ds1-5
Severity: wishlist
Tags: patch

While reviewing the RedHat boot system, I discovered that they are disabling SELinux before calling sulogin after a fsck failure. Should we do the same?
Here is a patch relative to current CVS to enable this. It uses the /usr/sbin/selinuxenabled program to detect SELinux. This will probably fail if /usr/ is on a separate partition from the root partition. An alternative, and the code used in RedHat to detect SELinux, is to make a function with content like this:

  # Check SELinux status
  selinuxfs=`awk '/ selinuxfs / { print $2 }' /proc/mounts`
  SELINUX=
  if [ -n "$selinuxfs" ] && [ "`cat /proc/self/attr/current`" != "kernel" ]; then
      if [ -r $selinuxfs/enforce ] ; then
          SELINUX=`cat $selinuxfs/enforce`
      else
          # assume enforcing if you can't read it
          SELINUX=1
      fi
  fi

Index: debian/initscripts/etc/init.d/functions.sh =================================================================== --- debian/initscripts/etc/init.d/functions.sh (revisjon 156) +++ debian/initscripts/etc/init.d/functions.sh (arbeidskopi) @@ -14,3 +14,14 @@ fi return 1 } + +# +# Disable selinux before enabling recovery mode, to make it possible +# to fix problems. +# +disable_selinux () { + echo "*** Warning -- SELinux is active" + echo "*** Disabling security enforcement for system recovery." + echo "*** Run 'setenforce 1' to reenable." + echo "0" > $selinuxfs/enforce +} Index: debian/initscripts/etc/init.d/checkfs.sh =================================================================== --- debian/initscripts/etc/init.d/checkfs.sh (revisjon 156) +++ debian/initscripts/etc/init.d/checkfs.sh (arbeidskopi) @@ -57,6 +57,7 @@ then log_failure_msg "File system check failed. Please repair manually." log_success_msg "CONTROL-D will exit from this shell and continue system startup." + /usr/sbin/selinuxenabled && disable_selinux # Start a single user shell on the console /sbin/sulogin $CONSOLE else Index: debian/initscripts/etc/init.d/checkroot.sh =================================================================== --- debian/initscripts/etc/init.d/checkroot.sh (revisjon 156) +++ debian/initscripts/etc/init.d/checkroot.sh (arbeidskopi) 
@@ -170,6 +170,7 @@ log_failure_msg "The system is also unable to create a temporary node in /dev/shm." log_failure_msg "This means you have to fix the problem manually." log_failure_msg "CONTROL-D will exit from this shell and REBOOT the system." + /usr/sbin/selinuxenabled && disable_selinux # Start a single user shell on the console /sbin/sulogin $CONSOLE reboot -f @@ -279,6 +280,7 @@ log_failure_msg " # mount -n -o remount,rw /" log_failure_msg "In order to exit from the maintenance shell, press CONTROL-D" log_failure_msg "and the system will REBOOT." + /usr/sbin/selinuxenabled && disable_selinux # Start a single user shell on the console /sbin/sulogin $CONSOLE reboot -f
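
Review bot: in the functions.sh hunk, the last line of disable_selinux writes to $selinuxfs/enforce, but nothing in this patch sets selinuxfs; the call sites detect SELinux with /usr/sbin/selinuxenabled rather than with the /proc/mounts snippet from the message. With the variable empty the redirect targets /enforce on the root file system, so enforcement is not changed even though the three echo lines say it was. Set selinuxfs inside the function (the awk line over /proc/mounts from the message would do), return without printing anything if it is empty, and quote the path: echo 0 > "$selinuxfs/enforce".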
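
Review bot: in the checkfs.sh hunk (@@ -57), enforcement is never restored after the recovery shell. The log line just above the new call says CONTROL-D continues system startup, and there is no reboot -f after /sbin/sulogin $CONSOLE in this file, so the rest of the boot runs with enforcement off unless the administrator remembered to run setenforce 1. Consider reading the enforce file before calling disable_selinux and writing the saved value back right after sulogin returns.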
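
Review bot: in the first checkroot.sh hunk (@@ -170), /usr/sbin/selinuxenabled is called by absolute path with no test that it exists. The message already notes that this fails when /usr is a separate partition; in that case the && short-circuits and sulogin starts with enforcement still on, which is the situation the patch is meant to avoid. Guard the call with [ -x /usr/sbin/selinuxenabled ] so the failure mode is explicit, and print a line telling the administrator that SELinux state could not be determined when the test fails.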
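
Review bot: the second checkroot.sh hunk (@@ -279) adds the third copy of /usr/sbin/selinuxenabled && disable_selinux, after checkfs.sh @@ -57 and checkroot.sh @@ -170. Moving the detection into disable_selinux in functions.sh, so that each call site is just disable_selinux, keeps the detection method in one place if it later changes to the /proc/mounts approach described in the message.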