More SELinux support from FC initscripts.
authorArkadiusz Miśkiewicz <arekm@maven.pl>
Sat, 13 Nov 2004 11:36:15 +0000 (11:36 +0000)
committerArkadiusz Miśkiewicz <arekm@maven.pl>
Sat, 13 Nov 2004 11:36:15 +0000 (11:36 +0000)
svn-id: @5312

rc.d/init.d/functions
rc.d/rc.sysinit

index 5ff163be077ff0df96daec6d83700622270edba5..c296dd711964269b39a4920d53fe3d08dadea72b 100644 (file)
@@ -814,6 +814,29 @@ msg_Already_Running () { msg_already_running "$*"; }
 msg_Not_Running () { msg_not_running "$*"; }
 msg_Usage () { msg_usage "$*"; }
 
+disable_selinux() {
+       selinuxfs=`awk '/ selinuxfs / { print $2 }' /proc/mounts`
+       echo "*** Warning -- SELinux is active"
+       echo "*** Disabling security enforcement for system recovery."
+       echo "*** Run 'setenforce 1' to reenable."
+       echo "0" > $selinuxfs/enforce
+}
+
+relabel_selinux() {
+       selinuxfs=`awk '/ selinuxfs / { print $2 }' /proc/mounts`
+       echo "
+         *** Warning -- SELinux relabel is required. ***
+         *** Disabling security enforcement.         ***
+         *** Relabeling could take a very long time, ***
+         *** depending on file system size.          ***
+         "
+       echo "0" > $selinuxfs/enforce
+       /sbin/fixfiles -F relabel > /dev/null 2>&1
+       rm -f  /.autorelabel
+       echo "*** Enabling security enforcement.         ***"
+       echo $SELINUX > $selinuxfs/enforce
+}
+
 #/*
 # * Local variables:
 # * mode: sh
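Review bot: Both `disable_selinux` and `relabel_selinux` redirect into `$selinuxfs/enforce` without checking that the awk lookup returned anything and without quoting it, so when selinuxfs is not listed in /proc/mounts the write lands in a regular file `/enforce` on the root filesystem. In `relabel_selinux` the exit status of `/sbin/fixfiles` is also discarded: `/.autorelabel` is removed and enforcement is switched back on even when the relabel failed, which can leave an enforcing system with wrong labels and no hint of why. I would guard and quote the mount point, act on the fixfiles result, and fall back to enforcing when `$SELINUX` is empty, as sketched below. `disable_selinux` needs the same `[ -n "$selinuxfs" ] || return 1` guard and quoted redirect.

```shell
relabel_selinux() {
	selinuxfs=`awk '/ selinuxfs / { print $2 }' /proc/mounts`
	[ -n "$selinuxfs" ] || return 1
	# … unchanged: warning banner …
	echo "0" > "$selinuxfs/enforce"
	if /sbin/fixfiles -F relabel > /dev/null 2>&1; then
		rm -f /.autorelabel
	else
		echo "*** Warning -- SELinux relabel failed. ***"
	fi
	# … unchanged: "Enabling security enforcement" message …
	echo "${SELINUX:-1}" > "$selinuxfs/enforce"
}
```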
index 39d5c1ee5154bc7078eddccf0cf8787a67146c45..600de60dd7efde919fe014c535c5da89d64f7b9d 100755 (executable)
@@ -89,6 +89,23 @@ fi
 # Disable splash when requested
 [ -e /proc/splash ] && is_no "$BOOT_SPLASH" && echo "0" > /proc/splash
 
+# Check SELinux status
+selinuxfs=$(awk '/ selinuxfs / { print $2 }' /proc/mounts)
+SELINUX=
+if [ -n "$selinuxfs" ] && [ "$(cat /proc/self/attr/current)" != "kernel" ]; then
+        if [ -r $selinuxfs/enforce ] ; then
+                SELINUX=$(cat $selinuxfs/enforce)
+        else
+                # assume enforcing if you can't read it
+                SELINUX=1
+        fi
+fi
+
+if [ -x /sbin/restorecon ] && LC_ALL=C fgrep -q " /dev " /proc/mounts ; then
+        /sbin/restorecon  -R /dev 2>/dev/null
+fi
+
+
 if [ "$CONSOLETYPE" = "vt" -a -x /sbin/setsysfont ]; then
     run_cmd "Setting default font" /sbin/setsysfont
 fi
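Review bot: The comment `# Check SELinux status` does not say that `SELINUX` ends up with three meanings that later lines depend on: empty, `0` and `1` (the tests further down use both `[ -n "$SELINUX" ]` and `[ "$SELINUX" = "1" ]`). I would extend it to `# SELINUX: empty = SELinux not in use, 0 = permissive, 1 = enforcing (assumed when enforce is unreadable)`. Separately, `$selinuxfs` is unquoted in `[ -r $selinuxfs/enforce ]` and `cat $selinuxfs/enforce`; `"$selinuxfs/enforce"` is the safer form. The `/sbin/restorecon -R /dev` call is also not gated on `$SELINUX`, unlike the restorecon calls added later in this commit, which looks like an oversight unless it is deliberate.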
@@ -268,6 +285,7 @@ if [ -z "$fastboot" -a "$_ROOTFS_TYPE" != "nfs" -a "$_ROOTFS_TYPE" != "romfs" ];
                echo
 
                PS1="$(nls '(Repair filesystem)# ')"; export PS1
+               [ "$SELINUX" = "1" ] && disable_selinux
                if is_yes "$RUN_SULOGIN_ON_ERR"; then
                        /sbin/sulogin
                else
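Review bot: Nothing in this hunk puts enforcement back after the recovery shell: `[ "$SELINUX" = "1" ] && disable_selinux` writes 0 to the enforce file, and the only way back is the operator remembering `setenforce 1`. If the code after `/sbin/sulogin` always reboots this is harmless, but the rest of the block is outside the hunk; if boot can continue, the system comes up permissive with nothing recorded beyond the console message. Consider restoring the saved state once the shell returns, e.g. `[ "$SELINUX" = "1" ] && echo 1 > "$selinuxfs/enforce"`. The same line is added in the RAID repair, second filesystem repair and encrypted-filesystem hunks (`@@ -570`, `@@ -612`, `@@ -667`).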
@@ -333,6 +351,13 @@ if [ "$_RUN_QUOTACHECK" = "1" -a -x /sbin/quotacheck ]; then
        run_cmd "Checking root filesystem quotas" /sbin/quotacheck -vnug /
 fi
 
+# Clean up SELinux labels
+if [ -n "$SELINUX" ]; then
+    for file in /etc/mtab /etc/cryptomtab /etc/ld.so.cache ; do
+       [ -r $file ] && restorecon $file  >/dev/null 2>&1
+    done
+fi
+                 
 # Clear mtab
 :>/etc/mtab
 [ -f /etc/cryptomtab ] && :>/etc/cryptomtab
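Review bot: The loop calls `restorecon` by bare name and with `$file` unquoted, while the earlier /dev hunk checks `-x /sbin/restorecon` and calls it by full path. In a root boot script I would not depend on PATH for a labelling tool, and with `>/dev/null 2>&1` a missing binary looks the same as success: `[ -r "$file" ] && /sbin/restorecon "$file" >/dev/null 2>&1`. The `/tmp/.ICE-unix` line in the last hunk (`@@ -770`) has the same bare call.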
@@ -570,6 +595,7 @@ if [ -x /sbin/mdadm -a -f /etc/mdadm.conf ] || [ -f /etc/raidtab ]; then
                echo
 
                PS1="$(nls '(RAID Repair)# ')"; export PS1
+               [ "$SELINUX" = "1" ] && disable_selinux
                if is_yes "$RUN_SULOGIN_ON_ERR"; then
                        /sbin/sulogin
                else
@@ -612,6 +638,7 @@ if [ -z "$fastboot" ] && ! grep -q nofsck /proc/cmdline; then
                echo
 
                PS1="$(nls '(Repair filesystem)# ')"; export PS1
+               [ "$SELINUX" = "1" ] && disable_selinux
                if is_yes "$RUN_SULOGIN_ON_ERR"; then
                        /sbin/sulogin
                else
@@ -667,6 +694,7 @@ if [ -z "$fastboot" ] && grep "^[^#].*encryption=" /etc/fstab | grep -v -q "noau
                echo
 
                PS1="`nls '(Repair filesystem)# '`"; export PS1
+               [ "$SELINUX" = "1" ] && disable_selinux
                if is_yes "$RUN_SULOGIN_ON_ERR"; then
                        /sbin/sulogin
                else
@@ -703,6 +731,8 @@ if [ -x /sbin/quotaon ]; then
        run_cmd "Turning on quotas for local filesystems" /sbin/quotaon -aug
 fi
 
+[ -n "$SELINUX" ] && [ -f /.autorelabel ] && relabel_selinux
+
 # Turn on process accounting
 if [ -x /etc/rc.d/rc.acct ]; then
        /etc/rc.d/rc.acct start
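Review bot: The new `relabel_selinux` trigger has no comment, unlike the sections around it, and the meaning of `/.autorelabel` is not obvious to someone reading rc.sysinit on its own. Something like `# Relabel the filesystem if /.autorelabel exists (flag file is removed by relabel_selinux)` would help. It is also worth stating there that enforcement is switched off for the duration of the relabel, since that happens inside the function in rc.d/init.d/functions rather than here.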
@@ -770,8 +800,7 @@ fi
 # System protected dirs
 mkdir -m 1777 -p /tmp/.ICE-unix > /dev/null 2>&1
 chown root:root /tmp/.ICE-unix
-restorecon /tmp/.ICE-unix > /dev/null 2>&1
-
+[ -n "$SELINUX" ] && restorecon /tmp/.ICE-unix >/dev/null 2>&1
 
 # Right, now turn on swap in case we swap to files
 swapon -a >/dev/null 2>&1