authorLennart Poettering <lennart@poettering.net>2011-07-25 21:59:05 +0200
committerLennart Poettering <lennart@poettering.net>2011-07-25 21:59:05 +0200
commit0843f2d65ea978b09f12da9ba61ee157d39ee237 (patch)
tree332c1e4abb9f6c0a39981c0b0a92698675330f7d
parent871e580949b1417058da7f7e9fa0380d308ef708 (diff)
selinux: check PID 1 label instead of /selinux mount point to figure out if selinux is already initialized
-rw-r--r--src/selinux-setup.c13
1 files changed, 10 insertions, 3 deletions
diff --git a/src/selinux-setup.c b/src/selinux-setup.c
index f400f416da..620c49e686 100644
--- a/src/selinux-setup.c
+++ b/src/selinux-setup.c
@@ -38,11 +38,18 @@ int selinux_setup(char *const argv[]) {
#ifdef HAVE_SELINUX
int enforce = 0;
usec_t n;
+ security_context_t con;
/* Already initialized? */
- if (path_is_mount_point("/sys/fs/selinux") > 0 ||
- path_is_mount_point("/selinux") > 0)
- return 0;
+ if (getcon_raw(&con) == 0) {
+ bool initialized;
+
+ initialized = !streq(con, "kernel");
+ freecon(con);
+
+ if (initialized)
+ return 0;
+ }
/* Before we load the policy we create a flag file to ensure
* that after the reexec we iterate through /run and /dev to
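Review bot: The new check at `if (getcon_raw(&con) == 0)` treats a failing getcon_raw() the same as "not yet initialized" and silently falls through to the policy-load path, and the literal `"kernel"` it compares against is unexplained. Because this result decides whether PID 1 goes on to load a policy, I would document both, for example by replacing `/* Already initialized? */` with `/* Already initialized? Before a policy is loaded PID 1 still carries the initial "kernel" label; if the label cannot be read we assume no policy is loaded and continue. */`. Logging the getcon_raw() failure at debug level would also make an unexpected fall-through visible in boot logs. Whether the later load copes safely with a policy that is already loaded cannot be judged here, since selinux_setup continues outside the hunk.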