selinux: retest selinux after we loaded the policy

3 files changed, 10 insertions, 1 deletions

diff --git a/src/label.c b/src/label.c
index a5994622c7..fb9a1b4262 100644
--- a/src/label.c
+++ b/src/label.c
@@ -33,8 +33,9 @@
 
 static struct selabel_handle *label_hnd = NULL;
 
+static int use_selinux_cached = -1;
+
 static inline bool use_selinux(void) {
-        static int use_selinux_cached = -1;
 
         if (use_selinux_cached < 0)
                 use_selinux_cached = is_selinux_enabled() > 0;
@@ -42,6 +43,10 @@ static inline bool use_selinux(void) {
         return use_selinux_cached;
 }
 
+void label_retest_selinux(void) {
+        use_selinux_cached = -1;
+}
+
 #endif
 
 int label_init(void) {
diff --git a/src/label.h b/src/label.h
index 321d21f650..6e48efaa07 100644
--- a/src/label.h
+++ b/src/label.h
@@ -43,4 +43,6 @@ int label_get_create_label_from_exe(const char *exe, char **label);
 
 int label_mkdir(const char *path, mode_t mode);
 
+void label_retest_selinux(void);
+
 #endif
diff --git a/src/selinux-setup.c b/src/selinux-setup.c
index dc101b13ba..2abd99e6a2 100644
--- a/src/selinux-setup.c
+++ b/src/selinux-setup.c
@@ -73,6 +73,8 @@ int selinux_setup(bool *loaded_policy) {
                char timespan[FORMAT_TIMESPAN_MAX];
                char *label;
 
+               label_retest_selinux();
+
                /* Transition to the new context */
                r = label_get_create_label_from_exe(SYSTEMD_BINARY_PATH, &label);
                if (r < 0 || label == NULL) {