[systemd-commits] src/selinux-setup.c

Lennart Poettering lennart at kemper.freedesktop.org
Mon Jul 25 13:00:56 PDT 2011


 src/selinux-setup.c |   13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

New commits:
commit 0843f2d65ea978b09f12da9ba61ee157d39ee237
Author: Lennart Poettering <lennart at poettering.net>
Date:   Mon Jul 25 21:59:05 2011 +0200

    selinux: check PID 1 label instead of /selinux mount point to figure out if selinux is already initialized

diff --git a/src/selinux-setup.c b/src/selinux-setup.c
index f400f41..620c49e 100644
--- a/src/selinux-setup.c
+++ b/src/selinux-setup.c
@@ -38,11 +38,18 @@ int selinux_setup(char *const argv[]) {
 #ifdef HAVE_SELINUX
        int enforce = 0;
        usec_t n;
+       security_context_t con;
 
        /* Already initialized? */
-       if (path_is_mount_point("/sys/fs/selinux") > 0 ||
-           path_is_mount_point("/selinux") > 0)
-               return 0;
+       if (getcon_raw(&con) == 0) {
+               bool initialized;
+
+               initialized = !streq(con, "kernel");
+               freecon(con);
+
+               if (initialized)
+                       return 0;
+       }
 
        /* Before we load the policy we create a flag file to ensure
         * that after the reexec we iterate through /run and /dev to
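Review bot: The failure path of the new `if (getcon_raw(&con) == 0)` check is silent, so any error reading PID 1's label is treated the same as "no policy loaded" and the function carries on towards the policy load. The literal `"kernel"` is also unexplained, although the whole "already initialized" decision rests on it. A comment above the check would cover both, e.g. `/* PID 1 keeps the initial "kernel" label until a policy is loaded; if the label cannot be read we assume nothing is loaded yet */`. The label lookup presumably needs the process attribute files to be readable this early in boot, so it is worth confirming against the caller that this holds on the initrd hand-over path. selinux_setup()'s body continues past the last context line of the hunk, so whether a failure should also be logged cannot be judged from here.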


