selinux: selinuxfs can be mounted on /sys/fs/selinux

The kernel now provides the /sys/fs/selinux mountpoint and libselinux
prefers it if it's available.

systemd currently tests only for /selinux and this leads to an infinite
loop of policy reloads in the latest Rawhide.

Fix it by checking both possible mountpoints.
Also add the new path to ignore_paths[].

/selinux appears also in nspawn.c. I don't think it's necessary to
change it there at this point.

https://bugzilla.redhat.com/show_bug.cgi?id=711015

2 files changed, 3 insertions, 1 deletions

diff --git a/src/mount-setup.c b/src/mount-setup.c
index 48c32eab33..6feee6aa16 100644
--- a/src/mount-setup.c
+++ b/src/mount-setup.c
@@ -63,6 +63,7 @@ static const MountPoint mount_table[] = {
  * we just list them here so that we know that we should ignore them */
 
 static const char * const ignore_paths[] = {
+        "/sys/fs/selinux",
         "/selinux",
         "/proc/bus/usb"
 };
diff --git a/src/selinux-setup.c b/src/selinux-setup.c
index c32c7ad8db..9ff27dcd77 100644
--- a/src/selinux-setup.c
+++ b/src/selinux-setup.c
@@ -39,7 +39,8 @@ int selinux_setup(char *const argv[]) {
        int enforce = 0;
 
        /* Already initialized? */
-       if (path_is_mount_point("/selinux") > 0)
+       if (path_is_mount_point("/sys/fs/selinux") > 0 ||
+           path_is_mount_point("/selinux") > 0)
                return 0;
 
        /* Before we load the policy we create a flag file to ensure