va_start(args, fmt);
vsyslog(LOG_NOTICE, fmt, args);
+ if (isatty(STDIN_FILENO))
+ vfprintf(stderr, fmt, args);
va_end(args);
closelog();
ref_pol_mtime = (time_t)strtoul(sel_mtime, &res, 0);
if (*res != '\0') {
/* not a valid number */
- errlog("invalid sel_mtime");
+ errlog("invalid sel_mtime\n");
return -EINVAL;
}
}
ref_selinux_mode = sel_mode[0] - '0';
if (ref_selinux_mode != 0 && ref_selinux_mode != 1) {
/* not a valid enforcing mode */
- errlog("invalid sel_mode");
+ errlog("invalid sel_mode\n");
return -EINVAL;
}
}
int policyver = 0;
char pol_bin_path[PATH_MAX + 1];
struct stat st;
- time_t policymtime;
+ time_t policymtime = 0;
int enforce;
+ int is_selinux;
char *policy_type = NULL;
unsigned char *mdval = NULL;
unsigned int mdsize = 0;
if (rc < 0)
goto out;
- /* Version of loaded policy */
- policyver = security_policyvers();
- if (policyver < 0) {
- errlog("unknown policy version: %s\n", strerror(errno));
+ is_selinux = is_selinux_enabled();
+ if (is_selinux < 0) {
+ errlog("is_selinux_enabled() failed\n");
rc = -errno;
goto out;
}
- /* Path of binary policy file */
- snprintf(pol_bin_path, sizeof(pol_bin_path), "%s.%d",
- selinux_binary_policy_path(), policyver);
+ if (!is_selinux) {
+ errlog("SELinux is disabled, ptlrpc 'send_sepol' value should be set to 0\n");
+ rc = -ENODEV;
+ goto out;
+ }
- /* Stat binary policy file */
- if (stat(pol_bin_path, &st)) {
- errlog("can't stat %s: %s\n", pol_bin_path, strerror(errno));
+ /* Max version of loaded policy */
+ policyver = security_policyvers();
+ if (policyver < 0) {
+ errlog("unknown policy version: %s\n", strerror(errno));
rc = -errno;
goto out;
}
- policymtime = st.st_mtime;
+
+ while (policymtime == 0) {
+ /* Path of binary policy file */
+ snprintf(pol_bin_path, sizeof(pol_bin_path), "%s.%d",
+ selinux_binary_policy_path(), policyver);
+
+ /* Stat binary policy file */
+ if (stat(pol_bin_path, &st)) {
+ if (policyver > 0) {
+ policyver--;
+ } else {
+ errlog("can't stat %s.*: %s\n",
+ selinux_binary_policy_path(),
+ strerror(errno));
+ rc = -errno;
+ goto out;
+ }
+ } else {
+ policymtime = st.st_mtime;
+ }
+ }
/* Determine if SELinux is in permissive or enforcing mode */
enforce = security_getenforce();