sd-daemon: turn sd-daemon.c into a shared library

[elogind.git] / src / selinux-setup.c

diff --git a/src/selinux-setup.c b/src/selinux-setup.c
index b2beb33d1f34d379aac37a8c37a699e77bbc46c9..9ff27dcd77f03f0a1b7ab016d60deb3121b3e252 100644 (file)
--- a/src/selinux-setup.c
+++ b/src/selinux-setup.c
@@ -39,14 +39,14 @@ int selinux_setup(char *const argv[]) {
        int enforce = 0;
 
        /* Already initialized? */
-       if (path_is_mount_point("/selinux") > 0)
+       if (path_is_mount_point("/sys/fs/selinux") > 0 ||
+           path_is_mount_point("/selinux") > 0)
                return 0;
 
        /* Before we load the policy we create a flag file to ensure
-        * that after the reexec we iterate through /dev to relabel
-        * things. */
-       mkdir_p("/dev/.systemd", 0755);
-       touch("/dev/.systemd/relabel-devtmpfs");
+        * that after the reexec we iterate through /run and /dev to
+        * relabel things. */
+       touch("/dev/.systemd-relabel-run-dev");
 
        if (selinux_init_load_policy(&enforce) == 0) {
                log_debug("Successfully loaded SELinux policy, reexecuting.");
@@ -59,9 +59,9 @@ int selinux_setup(char *const argv[]) {
                return -errno;
 
        } else {
-               log_full(enforce > 0 ? LOG_ERR : LOG_DEBUG, "Failed to load SELinux policy.");
+               log_full(enforce > 0 ? LOG_ERR : LOG_WARNING, "Failed to load SELinux policy.");
 
-               unlink("/dev/.systemd/relabel-devtmpfs");
+               unlink("/dev/.systemd-relabel-run-dev");
 
                if (enforce > 0)
                        return -EIO;