libselinux: always unmount selinuxfs for SELINUX=disabled

As reported in: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864479 using a kernel configuration with CONFIG_SECURITY_SELINUX_DISABLE=n and a /etc/selinux/config with SELINUX=disabled leads to a boot failure. Fix this by always unmounting selinuxfs if /etc/selinux/config has SELINUX=disabled even if unable to successfully disable SELinux. This will ensure that subsequent is_selinux_enabled() tests will return 0 (disabled) and userspace will therefore skip any SELinux processing. Reported-by: Christian Göttsche <cgzones@googlemail.com> Reported-by: Laurent Bigonville <bigon@debian.org> Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
2017-06-09 10:12:32 -04:00 · 2017-06-09 10:12:32 -04:00 · d1769a9b83
parent f9ae34a404
commit d1769a9b83
1 changed files with 4 additions and 1 deletions
--- a/libselinux/src/load_policy.c
+++ b/libselinux/src/load_policy.c
@ -449,8 +449,11 @@ int selinux_init_load_policy(int *enforce)
 		}
 	}

-	if (seconfig == -1)
+	if (seconfig == -1) {
+		umount(selinux_mnt);
+		fini_selinuxmnt();
 		goto noload;
+	}

 	/* Load the policy. */
 	return selinux_mkload_policy(0);