diff --git a/libselinux-bindings.spec b/libselinux-bindings.spec
index 94b03bd..663e9f8 100644
--- a/libselinux-bindings.spec
+++ b/libselinux-bindings.spec
@@ -27,7 +27,7 @@ Version: 2.1.9
 Release: 0
 Url: http://userspace.selinuxproject.org/
 Summary: SELinux library and simple utilities
-License: GPL-2.0 ; SUSE-Public-Domain
+License: GPL-2.0 and SUSE-Public-Domain
 Group: System/Libraries
 Source: http://userspace.selinuxproject.org/releases/20120216/libselinux-%{version}.tar.gz
 Source1: selinux-ready
diff --git a/libselinux.changes b/libselinux.changes
index 94ba4c1..985d442 100644
--- a/libselinux.changes
+++ b/libselinux.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Tue Nov 27 12:38:29 UTC 2012 - vcizek@suse.com
+
+- update selinux-ready script
+
 -------------------------------------------------------------------
 Wed Jul 25 11:15:02 UTC 2012 - meissner@suse.com
diff --git a/libselinux.spec b/libselinux.spec
index 8294833..270fb95 100644
--- a/libselinux.spec
+++ b/libselinux.spec
@@ -25,7 +25,7 @@ Version: 2.1.9
 Release: 0
 Url: http://userspace.selinuxproject.org/
 Summary: SELinux library and simple utilities
-License: GPL-2.0 ; SUSE-Public-Domain
+License: GPL-2.0 and SUSE-Public-Domain
 Group: System/Libraries
 Source: http://userspace.selinuxproject.org/releases/20120216/%{name}-%{version}.tar.gz
 Source1: selinux-ready
diff --git a/selinux-ready b/selinux-ready
index 48b59a3..8c202c7 100644
--- a/selinux-ready
+++ b/selinux-ready
@@ -22,37 +22,58 @@ check_dir() check_filesystem() { FSPATH="/proc/filesystems" - FSNAME="securityfs" + FSNAMES="securityfs selinuxfs" + OK="O" - grep -w $FSNAME $FSPATH 1>&2 >/dev/null + for FSNAME in $FSNAMES; do + grep -w $FSNAME $FSPATH 1>&2 >/dev/null - if [ $? == 0 ]; then - printf "\tcheck_filesystem: OK. Filesystem '$FSNAME' exists.\n" - return 0 + if [ $? == 0 ]; then + printf "\tcheck_filesystem: OK. Filesystem '$FSNAME' exists.\n" + else + printf "\tcheck_filesystem: ERR. Filesystem '$FSNAME' is missing. Please enable SELinux while compiling the kernel.\n" + OK="1" + fi + done + if [ "$OK" == "0" ]; then + return 0; else - printf "\tcheck_filesystem: ERR. Filesystem '$FSNAME' is missing. Please enable SELinux while compiling the kernel.\n" - return 0 + return 1; fi } check_boot() { - BPARAM="selinux=1" + BPARAM1="security=selinux" + BPARAM2="selinux=1" - printf "\tcheck_boot: Assuming GRUB as bootloader.\n" + printf "\tcheck_boot: Assuming GRUB2 as bootloader.\n" - BLINE=$(grep -- $BPARAM /boot/grub/menu.lst 2>/dev/null) # XXX check for multiple lines in config - - if [ $? == 0 ]; then + # look for parameters of the current kernel + CURRENT_KERNEL=$(uname -r) + OTHERS="" + RETVAL="FAIL" + while read BLINE + do K=$(echo $BLINE | awk -F' ' '{print $2}') KERNEL=$(basename $K) K=$(echo $KERNEL | sed s/vmlinuz-//) - INITRD=initrd-$K - printf "\tcheck_boot: OK. Kernel '$KERNEL' has boot-parameter '$BPARAM'\n" + + if [ "$K" == "$CURRENT_KERNEL" ]; then + INITRD=initrd-$K + RETVAL="OK" + else + OTHERS="$KERNEL $OTHERS" + fi + done < <(grep -- $BPARAM1 /boot/grub2/grub.cfg 2>/dev/null | grep -- $BPARAM2) + + if [ "$RETVAL" == OK ]; then + printf "\tcheck_boot: OK. Current kernel '$KERNEL' has boot-parameters '$BPARAM1 $BPARAM2'\n" + printf "\tcheck_boot: OK. Other kernels with correct parameters: $OTHERS\n" return 0 else printf "\tcheck_boot: ERR. 
Boot-parameter missing for booting the kernel.\n" - printf "\t Please use YaST2 to add 'selinux=1' to the kernel boot-parameter list.\n" + printf "\t Please use YaST2 to add 'security=selinux selinux=1' to the kernel boot-parameter list.\n" return 1 fi } @@ -141,7 +162,7 @@ check_initupstart() return 1; fi - POL=$(grep SELINUXTYPE $CFGFILE | sed "s/SELINUXTYPE\s*=\s*"//) + POL=$(grep "^\s*SELINUXTYPE" $CFGFILE | sed "s/SELINUXTYPE\s*=\(\S*\)\s*"/\\1/) if ! [ -f /etc/selinux/$POL/booleans ]; then printf "\tcheck_initupstart: ERR. booleans file for policy $POL does not exist.\n"
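Review bot: In check_filesystem the flag is initialised as `OK="O"` (capital letter O) but tested with `[ "$OK" == "0" ]` (digit zero), so as written the function returns 1 even when both securityfs and selinuxfs are listed in /proc/filesystems; the initialiser should be `OK="0"`. The old code returned 0 on both paths, so any caller that starts acting on the new return value (callers are outside this hunk) would report a correctly configured host as not ready. Separately, in check_boot the success message prints `$KERNEL`, which holds whatever line of grub.cfg was read last rather than the entry that matched `$CURRENT_KERNEL`; printing `'$CURRENT_KERNEL'` there avoids naming the wrong kernel in a check that admins rely on to confirm enforcement is configured. The loop would also be more robust as `while read -r BLINE` with `"$BPARAM1"` and `"$BPARAM2"` quoted in the two grep calls.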
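Review bot: The new `grep "^\s*SELINUXTYPE"` accepts an indented SELINUXTYPE line, but the sed expression neither strips that leading whitespace nor drops a trailing `# comment`, and `$POL` is then expanded unquoted in `[ -f /etc/selinux/$POL/booleans ]`. An indented, commented or duplicated line in the config therefore yields a multi-word value, and the test fails with a misleading "booleans file does not exist" message rather than a parse error. Extracting the value in one anchored step, e.g. `POL=$(sed -n 's/^\s*SELINUXTYPE\s*=\s*\(\S*\).*/\1/p' "$CFGFILE" | tail -n 1)`, rejecting an empty result with `[ -n "$POL" ]`, and quoting the path as `[ -f "/etc/selinux/$POL/booleans" ]` would make the check report what is actually configured. The body of check_initupstart starts and ends outside this hunk, so how `$CFGFILE` is set is not visible here.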