diff --git a/libselinux/src/init.c b/libselinux/src/init.c index a948920..43aa296 100644 --- a/libselinux/src/init.c +++ b/libselinux/src/init.c @@ -45,6 +45,18 @@ static void init_selinuxmnt(void) } } + /* We check to see if the original mount point for selinux file + * system has a selinuxfs. */ + do { + rc = statfs("/selinux", &sfbuf); + } while (rc < 0 && errno == EINTR); + if (rc == 0) { + if ((uint32_t)sfbuf.f_type == (uint32_t)SELINUX_MAGIC) { + selinux_mnt = strdup("/selinux"); + return; + } + } + /* Drop back to detecting it the long way. */ fp = fopen("/proc/filesystems", "r"); if (!fp) diff --git a/libselinux/src/load_policy.c b/libselinux/src/load_policy.c index 83d2143..4078f69 100644 --- a/libselinux/src/load_policy.c +++ b/libselinux/src/load_policy.c @@ -369,7 +369,17 @@ int selinux_init_load_policy(int *enforce) * Check for the existence of SELinux via selinuxfs, and * mount it if present for use in the calls below. */ - if (mount("selinuxfs", SELINUXMNT, "selinuxfs", 0, 0) < 0 && errno != EBUSY) { + char *mntpoint = NULL; + if (mount("selinuxfs", SELINUXMNT, "selinuxfs", 0, 0) == 0 || errno == EBUSY) { + mntpoint = SELINUXMNT; + } else { + /* check old mountpoint */ + if (mount("selinuxfs", "/selinux", "selinuxfs", 0, 0) == 0 || errno == EBUSY) { + mntpoint = "/selinux"; + } + } + + if (! mntpoint ) { if (errno == ENODEV) { /* * SELinux was disabled in the kernel, either @@ -384,8 +394,8 @@ int selinux_init_load_policy(int *enforce) } goto noload; - } - set_selinuxmnt(SELINUXMNT); + } + set_selinuxmnt(mntpoint); /* * Note: The following code depends on having selinuxfs @@ -397,7 +407,7 @@ int selinux_init_load_policy(int *enforce) rc = security_disable(); if (rc == 0) { /* Successfully disabled, so umount selinuxfs too. */ - umount(SELINUXMNT); + umount(selinux_mnt); fini_selinuxmnt(); } /* diff --git a/libselinux/src/policy.h b/libselinux/src/policy.h index 10e8712..76f968e 100644 --- a/libselinux/src/policy.h +++ b/libselinux/src/policy.h @@ -13,7 +13,7 @@ #define SELINUX_MAGIC 0xf97cff8c /* Preferred selinux mount location */ -#define SELINUXMNT "/selinux" +#define SELINUXMNT "/sys/fs/selinux" /* selinuxfs mount point */ extern char *selinux_mnt;