From 654568b39e6ce714f4685c654e218ab7013a8d5f Mon Sep 17 00:00:00 2001
From: Jeremy Katz
Date: Mon, 5 Jan 2009 13:16:39 -0500
Subject: [PATCH] Basic support for loading SELinux from the initramfs

---
 dracut | 2 +-
 init | 12 +++++++++++-
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/dracut b/dracut
index 256507dd..af448687 100755
--- a/dracut
+++ b/dracut
@@ -66,7 +66,7 @@ fi
 initdir=$(mktemp -d -t initramfs.XXXXXX)
 # executables that we have to have
-exe="/bin/bash /bin/mount /bin/mknod /bin/mkdir /sbin/modprobe /sbin/udevd /sbin/udevadm /sbin/nash /bin/kill /sbin/pidof /bin/sleep /bin/echo"
+exe="/bin/bash /bin/mount /bin/mknod /bin/mkdir /sbin/modprobe /sbin/udevd /sbin/udevadm /sbin/nash /bin/kill /sbin/pidof /bin/sleep /bin/echo /usr/sbin/chroot"
 lvmexe="/sbin/lvm"
 cryptexe="/sbin/cryptsetup"
 # and some things that are nice for debugging
diff --git a/init b/init
index d9b6c605..5b94e3d6 100755
--- a/init
+++ b/init
@@ -91,12 +91,22 @@ mount --bind /dev $NEWROOT/dev
 mount -t proc /proc $NEWROOT/proc
 mount -t sysfs /sys $NEWROOT/sys
-# FIXME: load selinux policy
+# FIXME: load selinux policy. this should really be done after we switchroot
+if [ -x $NEWROOT/usr/sbin/load_policy ]; then
+ chroot $NEWROOT /usr/sbin/load_policy -i
+ if [ $? -eq 3 ]; then
+ echo "Initial SELinux policy load failed and enforcing mode requested."
+ echo "Not continuing"
+ sleep 100d
+ exit 1
+ fi
+fi
 # kill off udev
 kill `pidof udevd`
 [ -x /bin/plymouth ] && /bin/plymouth --newroot=$NEWROOT
+
 # FIXME: nash die die die
 exec /sbin/switch_root # davej doesn't like initrd bugs
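Review bot: The path added to `exe`, `/usr/sbin/chroot`, is fixed, and coreutils installs chroot as `/usr/bin/chroot` on a number of distributions, so on those hosts the initramfs is built without a chroot binary and the `chroot $NEWROOT /usr/sbin/load_policy -i` step this same patch adds to init cannot run. What a missing entry in `exe` does to the build depends on how the list is consumed further down in dracut, which is outside this hunk, so it may fail loudly or silently produce an image that skips the policy load. Resolving the binary at build time, e.g. `chrootexe=$(command -v chroot) || exit 1`, or listing both candidate paths, would make that failure explicit.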
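Review bot: The new `if [ $? -eq 3 ]` test handles only exit status 3 from `load_policy -i`; any other non-zero status (a failed policy load when enforcing was not requested, or chroot failing to exec `/usr/sbin/load_policy` at all) is silently ignored and boot continues with no policy loaded, and because `$?` is consumed by that first test the status cannot be reported afterwards. Capturing the status and logging every other failure keeps the non-enforcing fallback but makes it visible on the console; `$NEWROOT` should also be quoted in the `-x` test and the chroot invocation, since an unquoted empty value makes the test inspect the initramfs' own `/usr/sbin/load_policy` instead of the real root. This is top-level code in init; the script continues on both sides of the hunk. Whether 3 is the only status load_policy uses for the enforcing case is not shown here and should be confirmed against the load_policy documentation.
```shell
if [ -x "$NEWROOT/usr/sbin/load_policy" ]; then
    chroot "$NEWROOT" /usr/sbin/load_policy -i
    rc=$?
    if [ $rc -eq 3 ]; then
        # … unchanged: "Not continuing" messages, sleep 100d, exit 1 …
    elif [ $rc -ne 0 ]; then
        echo "SELinux policy load failed (status $rc); continuing without policy"
    fi
fi
```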