RepoMirrors
/
selinux
mirror of https://github.com/SELinuxProject/selinux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

policycoreutils/load_policy: Drop is_selinux_enabled() check 

This check is a remnant of the libselinux <2.5 era, back when
is_selinux_enabled() checked whether a policy had been loaded. Nowadays
it only checks whether selinuxfs is mounted, and "load_policy -i"
therefore incorrectly refuses operation when selinuxfs is mounted, but
no policy has been loaded yet.

While it doesn't make much sense to call selinux_init_load_policy()
twice, there's no harm in doing so either, so let's just drop this
safeguard instead of fixing it.

Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
This commit is contained in:
Luis Ressel 2017-04-07 14:05:07 +02:00 committed by Stephen Smalley
parent b61922f727
commit 682e01f79d
1 changed files with 0 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
policycoreutils/load_policy/load_policy.c
View File

@ -65,13 +65,6 @@ int main(int argc, char **argv)
argv[0], argv[optind++]);
}
if (init) {
if (is_selinux_enabled() == 1) {
/* SELinux is already enabled, we should not do an initial load again */
fprintf(stderr,
_("%s: Policy is already loaded and initial load requested\n"),
argv[0]);
exit(2);
}
ret = selinux_init_load_policy(&enforce);
if (ret != 0 ) {
if (enforce > 0) {