1
0
mirror of https://github.com/systemd/systemd.git synced 2024-11-14 15:21:37 +03:00
Commit Graph

12 Commits

Author SHA1 Message Date
Lennart Poettering
4ef3108288 selinux: mount /sys, /proc, /dev before we load the SELinux policy 2011-07-29 01:49:46 +02:00
Lennart Poettering
0b3325e79e selinux: use setcon() instead of reexec to apply selinux policy 2011-07-28 23:52:23 +02:00
Michael Biebl
288088b86c Remove a stray empty line 2011-07-28 15:03:30 +02:00
Michael Biebl
25bafad67f Don't show a warning message in non-enforcing mode.
If we fail to load the SELinux policy only log an error message in
enforcing mode.
2011-07-28 15:01:41 +02:00
Lennart Poettering
0843f2d65e selinux: check PID 1 label instead of /selinux mount point to figure out if selinux is already initialized 2011-07-25 21:59:05 +02:00
Lennart Poettering
871e580949 selinux: log how much time it takes to load the SELinux policy and database 2011-07-25 21:22:57 +02:00
Michal Schmidt
ef9d7dca54 selinux: selinuxfs can be mounted on /sys/fs/selinux
The kernel now provides the /sys/fs/selinux mountpoint and libselinux
prefers it if it's available.

systemd currently tests only for /selinux and this leads to an infinite
loop of policy reloads in the latest Rawhide.

Fix it by checking both possible mountpoints.
Also add the new path to ignore_paths[].

/selinux appears also in nspawn.c. I don't think it's necessary to
change it there at this point.

https://bugzilla.redhat.com/show_bug.cgi?id=711015
2011-06-07 00:53:39 +02:00
Lennart Poettering
3bbecb2f2c selinux: relabel /run the same way as /dev after loading the policy since they both come pre-filled and unlabelled 2011-04-04 16:58:23 +02:00
Lennart Poettering
b925e72633 dev: use /dev/.run/systemd as runtime directory, instead of /dev/.systemd 2011-03-09 22:45:47 +01:00
Lennart Poettering
2e60ecb2f7 selinux: bump up error level when in non-enforcing mode 2011-03-09 20:12:30 +01:00
Lennart Poettering
1829dc9dc5 selinux: relabel /dev after loading policy 2010-11-10 22:38:43 +01:00
Lennart Poettering
c4dcdb9f47 selinux: automatically load policy if the initrd hasn't done this for us yet 2010-10-27 05:47:02 +02:00