From af06c6745bdf391c57ef29de4e6133f05c3b6187 Mon Sep 17 00:00:00 2001
From: Stephen Smalley <sds@tycho.nsa.gov>
Date: Mon, 9 Dec 2013 15:40:24 -0500
Subject: Log a warning on services that lack SELinux domains.

Sample output on flo:
<3>[    7.270568] init: Warning!  Service irsc_util needs a SELinux domain defined; please fix!
<3>[    8.290832] init: Warning!  Service bootanim needs a SELinux domain defined; please fix!

Change-Id: If5514b188517917d58ee81c446af563b0443be45
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
---
 init/init.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/init/init.c b/init/init.c
index 864fc6c85..365726c91 100644
--- a/init/init.c
+++ b/init/init.c
@@ -221,6 +221,9 @@ void service_start(struct service *svc, const char *dynamic_args)
             }
 
             rc = security_compute_create(mycon, fcon, string_to_security_class("process"), &scon);
+            if (rc == 0 && !strcmp(scon, mycon)) {
+                ERROR("Warning!  Service %s needs a SELinux domain defined; please fix!\n", svc->name);
+            }
             freecon(mycon);
             freecon(fcon);
             if (rc < 0) {
-- 
cgit v1.2.3