libselinux: always unmount selinuxfs for SELINUX=disabled

As reported in:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864479
using a kernel configuration with CONFIG_SECURITY_SELINUX_DISABLE=n
and a /etc/selinux/config with SELINUX=disabled leads to a boot
failure.

Fix this by always unmounting selinuxfs if /etc/selinux/config has
SELINUX=disabled even if unable to successfully disable SELinux.
This will ensure that subsequent is_selinux_enabled() tests will
return 0 (disabled) and userspace will therefore skip any SELinux
processing.

Reported-by: Christian Göttsche <cgzones@googlemail.com>
Reported-by: Laurent Bigonville <bigon@debian.org>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Stephen Smalley 2017-06-09 10:12:32 -04:00
parent f9ae34a404
commit d1769a9b83

@ -449,8 +449,11 @@ int selinux_init_load_policy(int *enforce)
}
}
if (seconfig == -1)
if (seconfig == -1) {
umount(selinux_mnt);
fini_selinuxmnt();
goto noload;
}
/* Load the policy. */
return selinux_mkload_policy(0);
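Review bot: the return value of `umount(selinux_mnt)` in the new `seconfig == -1` branch is ignored, so a failed unmount (for example, a busy mount) goes unnoticed. In that case selinuxfs stays mounted and the later is_selinux_enabled() checks that the commit message relies on may still not return 0. Consider checking the result and reporting the error with errno before `goto noload`, so the failure is visible in the boot log. A one-line comment above the `umount()` call explaining why selinuxfs is unmounted when the config says SELINUX=disabled would also help, since the reason currently lives only in the commit message.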