Log a warning on services that lack SELinux domains.

Sample output on flo: <3>[ 7.270568] init: Warning! Service irsc_util needs a SELinux domain defined; please fix! <3>[ 8.290832] init: Warning! Service bootanim needs a SELinux domain defined; please fix! Change-Id: If5514b188517917d58ee81c446af563b0443be45 Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
author: Stephen Smalley <sds@tycho.nsa.gov> 2013-12-09 15:40:24 -0500
committer: Stephen Smalley <sds@tycho.nsa.gov> 2013-12-09 15:40:24 -0500
commit: af06c6745bdf391c57ef29de4e6133f05c3b6187 (patch)
tree: 3cc83d1c34314e26c3b853b3ed7f095555267289
parent: bdf53e2a59654d2b1e8469616f1b0175b275219d (diff)
download: core-af06c6745bdf391c57ef29de4e6133f05c3b6187.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/init/init.c b/init/init.c
index 864fc6c85..365726c91 100644
--- a/init/init.c
+++ b/init/init.c
@@ -221,6 +221,9 @@ void service_start(struct service *svc, const char *dynamic_args)
             }
 
             rc = security_compute_create(mycon, fcon, string_to_security_class("process"), &scon);
+            if (rc == 0 && !strcmp(scon, mycon)) {
+                ERROR("Warning!  Service %s needs a SELinux domain defined; please fix!\n", svc->name);
+            }
             freecon(mycon);
             freecon(fcon);
             if (rc < 0) {
author	Stephen Smalley <sds@tycho.nsa.gov>	2013-12-09 15:40:24 -0500
committer	Stephen Smalley <sds@tycho.nsa.gov>	2013-12-09 15:40:24 -0500
commit	af06c6745bdf391c57ef29de4e6133f05c3b6187 (patch)
tree	3cc83d1c34314e26c3b853b3ed7f095555267289
parent	bdf53e2a59654d2b1e8469616f1b0175b275219d (diff)
download	core-af06c6745bdf391c57ef29de4e6133f05c3b6187.tar.gz