Commit 0843f2d6 authored by Lennart Poettering's avatar Lennart Poettering
Browse files

selinux: check PID 1 label instead of /selinux mount point to figure out if...

selinux: check PID 1 label instead of /selinux mount point to figure out if selinux is already initialized
parent 871e5809
......@@ -38,11 +38,18 @@ int selinux_setup(char *const argv[]) {
#ifdef HAVE_SELINUX
int enforce = 0;
usec_t n;
security_context_t con;
/* Already initialized? */
if (path_is_mount_point("/sys/fs/selinux") > 0 ||
path_is_mount_point("/selinux") > 0)
if (getcon_raw(&con) == 0) {
bool initialized;
initialized = !streq(con, "kernel");
freecon(con);
if (initialized)
return 0;
}
/* Before we load the policy we create a flag file to ensure
* that after the reexec we iterate through /run and /dev to
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment