Log a warning on services that lack SELinux domains.
Sample output on flo:
<3>[ 7.270568] init: Warning! Service irsc_util needs a SELinux domain defined; please fix!
<3>[ 8.290832] init: Warning! Service bootanim needs a SELinux domain defined; please fix!
Change-Id: If5514b188517917d58ee81c446af563b0443be45
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
diff --git a/init/init.c b/init/init.c
index 864fc6c..365726c 100644
--- a/init/init.c
+++ b/init/init.c
@@ -221,6 +221,9 @@
}
rc = security_compute_create(mycon, fcon, string_to_security_class("process"), &scon);
+ if (rc == 0 && !strcmp(scon, mycon)) {
+ ERROR("Warning! Service %s needs a SELinux domain defined; please fix!\n", svc->name);
+ }
freecon(mycon);
freecon(fcon);
if (rc < 0) {