X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Fmount-setup.c;h=290698939e1f876d43197b5f7e9f059bf3811517;hb=0b3325e79eb98f2e5bc19a1b0efd99e693b31a99;hp=3b97fe4aa57c8d4a24cc0c4b67b951d3c7ef9669;hpb=e5a53dc74636ffa9de639733a0bef65f967c9ffa;p=elogind.git

diff --git a/src/mount-setup.c b/src/mount-setup.c
index 3b97fe4aa..290698939 100644
--- a/src/mount-setup.c
+++ b/src/mount-setup.c
@@ -54,7 +54,7 @@ static const MountPoint mount_table[] = {
         { "devtmpfs", "/dev",                   "devtmpfs", "mode=755",          MS_NOSUID,                    true },
         { "tmpfs",    "/dev/shm",               "tmpfs",    "mode=1777",         MS_NOSUID|MS_NODEV,           true },
         { "devpts",   "/dev/pts",               "devpts",   "mode=620,gid=" STRINGIFY(TTY_GID), MS_NOSUID|MS_NOEXEC, false },
-        { "tmpfs",    "/run",                   "tmpfs",    "mode=755",          MS_NOSUID|MS_NOEXEC|MS_NODEV, true },
+        { "tmpfs",    "/run",                   "tmpfs",    "mode=755",          MS_NOSUID|MS_NODEV, true },
         { "tmpfs",    "/sys/fs/cgroup",         "tmpfs",    "mode=755",          MS_NOSUID|MS_NOEXEC|MS_NODEV, false },
         { "cgroup",   "/sys/fs/cgroup/systemd", "cgroup",   "none,name=systemd", MS_NOSUID|MS_NOEXEC|MS_NODEV, false },
 };
@@ -63,10 +63,9 @@ static const MountPoint mount_table[] = {
  * we just list them here so that we know that we should ignore them */
 
 static const char * const ignore_paths[] = {
+        "/sys/fs/selinux",
         "/selinux",
-        "/proc/bus/usb",
-        "/var/lib/nfs/rpc_pipefs",
-        "/proc/fs/nfsd"
+        "/proc/bus/usb"
 };
 
 bool mount_point_is_api(const char *path) {
@@ -138,8 +137,10 @@ static int mount_cgroup_controllers(void) {
 
         /* Mount all available cgroup controllers that are built into the kernel. */
 
-        if (!(f = fopen("/proc/cgroups", "re")))
-                return -ENOENT;
+        if (!(f = fopen("/proc/cgroups", "re"))) {
+                log_error("Failed to enumerate cgroup controllers: %m");
+                return 0;
+        }
 
         /* Ignore the header line */
         (void) fgets(buf, sizeof(buf), f);
@@ -225,7 +226,7 @@ static int nftw_cb(
         return 0;
 };
 
-int mount_setup(void) {
+int mount_setup(bool loaded_policy) {
 
         const char symlinks[] =
                 "/proc/kcore\0"      "/dev/core\0"
@@ -246,9 +247,20 @@ int mount_setup(void) {
          * the appropriate labels, after mounting. The other virtual
          * API file systems like /sys and /proc do not need that, they
          * use the same label for all their files. */
-        if (unlink("/dev/.systemd-relabel-run-dev") >= 0) {
+        if (loaded_policy) {
+                usec_t before_relabel, after_relabel;
+                char timespan[FORMAT_TIMESPAN_MAX];
+
+                before_relabel = now(CLOCK_MONOTONIC);
+
                 nftw("/dev", nftw_cb, 64, FTW_MOUNT|FTW_PHYS);
                 nftw("/run", nftw_cb, 64, FTW_MOUNT|FTW_PHYS);
+
+                after_relabel = now(CLOCK_MONOTONIC);
+
+                log_info("Relabelled /dev and /run in %s.",
+                         format_timespan(timespan, sizeof(timespan), after_relabel - before_relabel));
+
         }
 
         /* Create a few default symlinks, which are normally created
@@ -259,6 +271,7 @@ int mount_setup(void) {
 
         /* Create a few directories we always want around */
         mkdir("/run/systemd", 0755);
+        mkdir("/run/systemd/system", 0755);
 
         return mount_cgroup_controllers();
 }