diff options
| author | Lennart Poettering <lennart@poettering.net> | 2011-07-25 21:59:05 +0200 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2011-07-25 21:59:05 +0200 |
| commit | 0843f2d65ea978b09f12da9ba61ee157d39ee237 (patch) | |
| tree | 332c1e4abb9f6c0a39981c0b0a92698675330f7d | |
| parent | 871e580949b1417058da7f7e9fa0380d308ef708 (diff) | |
selinux: check PID 1 label instead of /selinux mount point to figure out if selinux is already initialized
| -rw-r--r-- | src/selinux-setup.c | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/src/selinux-setup.c b/src/selinux-setup.c index f400f416da..620c49e686 100644 --- a/src/selinux-setup.c +++ b/src/selinux-setup.c @@ -38,11 +38,18 @@ int selinux_setup(char *const argv[]) { #ifdef HAVE_SELINUX int enforce = 0; usec_t n; + security_context_t con; /* Already initialized? */ - if (path_is_mount_point("/sys/fs/selinux") > 0 || - path_is_mount_point("/selinux") > 0) - return 0; + if (getcon_raw(&con) == 0) { + bool initialized; + + initialized = !streq(con, "kernel"); + freecon(con); + + if (initialized) + return 0; + } /* Before we load the policy we create a flag file to ensure * that after the reexec we iterate through /run and /dev to |