author | Nick Kralevich <nnk@google.com> | 2016-03-03 10:40:12 -0800 |
---|---|---|
committer | Nick Kralevich <nnk@google.com> | 2016-03-03 11:26:24 -0800 |
commit | 3d9e27335926497c82bcfab228b90b84d732780f (patch) | |
tree | 7fe8b0b8c74f4013bfe2bdbcce30bbc912dde8a3 | |
parent | 17741bc85c0570a4f01bf8c945db1cd1b117a19a (diff) | |
Mount selinuxfs when other filesystems are mounted
Be consistent when mounting filesystems, and mount selinuxfs
at the same time other filesystems are mounted. In particular,
this ensures that a /sys/fs/selinux/null is available at early
boot, avoiding an unnecessary mknod call.
Change-Id: I01e6b3900f48b4cb3f12d8a928e1e95911524252
-rw-r--r-- | init/init.cpp | 1 | ||||
-rw-r--r-- | init/util.cpp | 22 |
2 files changed, 11 insertions, 12 deletions
diff --git a/init/init.cpp b/init/init.cpp
index 4aef82372..9e6143be3 100644
--- a/init/init.cpp
+++ b/init/init.cpp
@@ -561,6 +561,7 @@ int main(int argc, char** argv) {
 #define MAKE_STR(x) __STRING(x)
 mount("proc", "/proc", "proc", 0, "hidepid=2,gid=" MAKE_STR(AID_READPROC));
 mount("sysfs", "/sys", "sysfs", 0, NULL);
+ mount("selinuxfs", "/sys/fs/selinux", "selinuxfs", 0, NULL);
 }
 // We must have some place other than / to create the device nodes for
diff --git a/init/util.cpp b/init/util.cpp
index 84b415552..bddc3b210 100644
--- a/init/util.cpp
+++ b/init/util.cpp
@@ -401,20 +401,18 @@ int wait_for_file(const char *filename, int timeout)
 void open_devnull_stdio(void)
 {
- // Try to avoid the mknod() call if we can. Since SELinux makes
- // a /dev/null replacement available for free, let's use it.
 int fd = open("/sys/fs/selinux/null", O_RDWR);
 if (fd == -1) {
- // OOPS, /sys/fs/selinux/null isn't available, likely because
- // /sys/fs/selinux isn't mounted. Fall back to mknod.
- static const char *name = "/dev/__null__";
- if (mknod(name, S_IFCHR | 0600, (1 << 8) | 3) == 0) {
- fd = open(name, O_RDWR);
- unlink(name);
- }
- if (fd == -1) {
- exit(1);
- }
+ /* Fail silently.
+ * stdout/stderr isn't available, and because
+ * klog_init() is called after open_devnull_stdio(), we can't
+ * log to dmesg. Reordering klog_init() to be called before
+ * open_devnull_stdio() isn't an option either, as then klog_fd
+ * will be assigned 0 or 1, which will end up getting clobbered
+ * by the code below. There's nowhere good to log.
+ */
+
+ exit(1);
 }
 dup2(fd, 0); |
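Review bot: The result of the added `mount("selinuxfs", "/sys/fs/selinux", "selinuxfs", 0, NULL);` in init/init.cpp is discarded, yet the util.cpp change in this commit makes that mount the only way `open_devnull_stdio()` can get a null device. If the mount fails (for instance on a kernel without selinuxfs, which is an assumption and not visible here), init exits with status 1 and leaves no trace of which step failed. Consider keeping the result, e.g. `int selinuxfs_rc = mount("selinuxfs", "/sys/fs/selinux", "selinuxfs", 0, NULL);`, and reporting a non-zero value once kernel logging is initialised. The neighbouring proc and sysfs mounts are unchecked in the same way, and main() starts and continues outside the hunk.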
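Review bot: `open_devnull_stdio()` in init/util.cpp now requires selinuxfs to be mounted before it is called, but that precondition is stated nowhere on the function itself; the only explanation sits inside the failure branch. A comment above the definition would make the contract visible to callers, for example `// Requires selinuxfs mounted at /sys/fs/selinux; exits with status 1, without logging, if its null node cannot be opened.` Any other caller of this function (none is visible in this hunk) inherits the same hard dependency now that the mknod fallback is gone, so it is worth confirming each one runs after the mount. The function body continues past the last line of the hunk.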