selinux: mount /sys, /proc, /dev before we load the SELinux policy

author: Lennart Poettering <lennart@poettering.net> 2011-07-29 01:48:18 +0200
committer: Lennart Poettering <lennart@poettering.net> 2011-07-29 01:49:46 +0200
commit: 4ef31082884e1c8df8887a8f53c428a894d53fb7 (patch)
tree: 112821cafe4970869ddc9e29e5695e4b3002e427 /src/selinux-setup.c
parent: 0b3325e79eb98f2e5bc19a1b0efd99e693b31a99 (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/src/selinux-setup.c b/src/selinux-setup.c
index fdc316048a..dc101b13ba 100644
--- a/src/selinux-setup.c
+++ b/src/selinux-setup.c
@@ -30,6 +30,7 @@
 #endif
 
 #include "selinux-setup.h"
+#include "mount-setup.h"
 #include "macro.h"
 #include "util.h"
 #include "log.h"
@@ -45,6 +46,9 @@ int selinux_setup(bool *loaded_policy) {
 
        assert(loaded_policy);
 
+       /* Make sure getcon() works, which needs /proc and /sys */
+       mount_setup_early();
+
        /* Already initialized by somebody else? */
        r = getcon_raw(&con);
        if (r == 0) {
@@ -71,7 +75,7 @@ int selinux_setup(bool *loaded_policy) {
 
                /* Transition to the new context */
                r = label_get_create_label_from_exe(SYSTEMD_BINARY_PATH, &label);
-               if (r < 0) {
+               if (r < 0 || label == NULL) {
                        log_open();
                        log_error("Failed to compute init label, ignoring.");
                } else {
author	Lennart Poettering <lennart@poettering.net>	2011-07-29 01:48:18 +0200
committer	Lennart Poettering <lennart@poettering.net>	2011-07-29 01:49:46 +0200
commit	4ef31082884e1c8df8887a8f53c428a894d53fb7 (patch)
tree	112821cafe4970869ddc9e29e5695e4b3002e427 /src/selinux-setup.c
parent	0b3325e79eb98f2e5bc19a1b0efd99e693b31a99 (diff)