* [PATCH] policycoreutils/load_policy: Drop is_selinux_enabled() check
@ 2017-04-07 12:05 Luis Ressel
2017-04-11 18:18 ` Stephen Smalley
0 siblings, 1 reply; 2+ messages in thread
From: Luis Ressel @ 2017-04-07 12:05 UTC (permalink / raw)
To: selinux
This check is a remnant of the libselinux <2.5 era, back when
is_selinux_enabled() checked whether a policy had been loaded. Nowadays
it only checks whether selinuxfs is mounted, and "load_policy -i"
therefore incorrectly refuses operation when selinuxfs is mounted, but
no policy has been loaded yet.
While it doesn't make much sense to call selinux_init_load_policy()
twice, there's no harm in doing so either, so let's just drop this
safeguard instead of fixing it.
---
policycoreutils/load_policy/load_policy.c | 7 -------
1 file changed, 7 deletions(-)
diff --git a/policycoreutils/load_policy/load_policy.c b/policycoreutils/load_policy/load_policy.c
index 7c2c2a7..2707d6f 100644
--- a/policycoreutils/load_policy/load_policy.c
+++ b/policycoreutils/load_policy/load_policy.c
@@ -65,13 +65,6 @@ int main(int argc, char **argv)
argv[0], argv[optind++]);
}
if (init) {
- if (is_selinux_enabled() == 1) {
- /* SELinux is already enabled, we should not do an initial load again */
- fprintf(stderr,
- _("%s: Policy is already loaded and initial load requested\n"),
- argv[0]);
- exit(2);
- }
ret = selinux_init_load_policy(&enforce);
if (ret != 0 ) {
if (enforce > 0) {
--
2.12.2
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] policycoreutils/load_policy: Drop is_selinux_enabled() check
2017-04-07 12:05 [PATCH] policycoreutils/load_policy: Drop is_selinux_enabled() check Luis Ressel
@ 2017-04-11 18:18 ` Stephen Smalley
0 siblings, 0 replies; 2+ messages in thread
From: Stephen Smalley @ 2017-04-11 18:18 UTC (permalink / raw)
To: Luis Ressel, selinux
On Fri, 2017-04-07 at 14:05 +0200, Luis Ressel wrote:
> This check is a remnant of the libselinux <2.5 era, back when
> is_selinux_enabled() checked whether a policy had been loaded.
> Nowadays
> it only checks whether selinuxfs is mounted, and "load_policy -i"
> therefore incorrectly refuses operation when selinuxfs is mounted,
> but
> no policy has been loaded yet.
>
> While it doesn't make much sense to call selinux_init_load_policy()
> twice, there's no harm in doing so either, so let's just drop this
> safeguard instead of fixing it.
Thanks, applied.
> ---
> policycoreutils/load_policy/load_policy.c | 7 -------
> 1 file changed, 7 deletions(-)
>
> diff --git a/policycoreutils/load_policy/load_policy.c
> b/policycoreutils/load_policy/load_policy.c
> index 7c2c2a7..2707d6f 100644
> --- a/policycoreutils/load_policy/load_policy.c
> +++ b/policycoreutils/load_policy/load_policy.c
> @@ -65,13 +65,6 @@ int main(int argc, char **argv)
> argv[0], argv[optind++]);
> }
> if (init) {
> - if (is_selinux_enabled() == 1) {
> - /* SELinux is already enabled, we should not
> do an initial load again */
> - fprintf(stderr,
> - _("%s: Policy is already
> loaded and initial load requested\n"),
> - argv[0]);
> - exit(2);
> - }
> ret = selinux_init_load_policy(&enforce);
> if (ret != 0 ) {
> if (enforce > 0) {
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2017-04-11 18:18 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-04-07 12:05 [PATCH] policycoreutils/load_policy: Drop is_selinux_enabled() check Luis Ressel
2017-04-11 18:18 ` Stephen Smalley
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.