mirror of
https://github.com/topjohnwu/selinux.git
synced 2024-12-04 01:20:52 +00:00
libselinux: always unmount selinuxfs for SELINUX=disabled
As reported in: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864479 using a kernel configuration with CONFIG_SECURITY_SELINUX_DISABLE=n and a /etc/selinux/config with SELINUX=disabled leads to a boot failure. Fix this by always unmounting selinuxfs if /etc/selinux/config has SELINUX=disabled even if unable to successfully disable SELinux. This will ensure that subsequent is_selinux_enabled() tests will return 0 (disabled) and userspace will therefore skip any SELinux processing. Reported-by: Christian Göttsche <cgzones@googlemail.com> Reported-by: Laurent Bigonville <bigon@debian.org> Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
This commit is contained in:
parent
f9ae34a404
commit
d1769a9b83
@ -449,8 +449,11 @@ int selinux_init_load_policy(int *enforce)
|
||||
}
|
||||
}
|
||||
|
||||
if (seconfig == -1)
|
||||
if (seconfig == -1) {
|
||||
umount(selinux_mnt);
|
||||
fini_selinuxmnt();
|
||||
goto noload;
|
||||
}
|
||||
|
||||
/* Load the policy. */
|
||||
return selinux_mkload_policy(0);
|
||||
|
Loading…
Reference in New Issue
Block a user