RepoMirrors/selinux
1
0
Fork 0
mirror of https://github.com/SELinuxProject/selinux synced 2025-01-17 19:00:48 +00:00
Code Issues Packages Projects Releases Wiki Activity
1,006 Commits 4 Branches 737 Tags 22 MiB
C 74.6%
Python 16.2%
Roff 5.2%
SWIG 1.2%
Makefile 1.1%
Other 1.7%
241fac2728
Go to file
Will Woods 241fac2728 selinux_init_load_policy: setenforce(0) if security_disable() fails 
If you run selinux_init_load_policy() after a chroot/switch-root, it's
possible that your *previous* root loaded policy, but your *new* root
wants SELinux disabled.

We can't disable SELinux in this case, but we *do* need to make sure
it's permissive. Otherwise we may continue to enforce the old policy.

So, if seconfig = -1, but security_disable() fails, we set *enforce=0,
and then let the existing code handle the security_{get,set}enforce
stuff.

Once that's handled, exit with failure via "goto noload", as before.
2014-05-07 15:24:35 -04:00
checkpolicy
libselinux
libsemanage
libsepol
policycoreutils
scripts
sepolgen
.gitignore
Makefile
README

README 

To build and install everything under a private directory, run:
make DESTDIR=~/obj install install-pywrap

To install as the default system libraries and binaries
(overwriting any previously installed ones - dangerous!),
on x86_64, run:
make LIBDIR=/usr/lib64 SHLIBDIR=/lib64 install install-pywrap relabel
or on x86 (32-bit), run:
make install install-pywrap relabel

This may render your system unusable if the upstream SELinux userspace
lacks library functions or other dependencies relied upon by your
distribution.  If it breaks, you get to keep both pieces.