selinux: mount /sys, /proc, /dev before we load the SELinux policy

[elogind.git] / src / selinux-setup.c

diff --git a/src/selinux-setup.c b/src/selinux-setup.c
index fdc316048add74cf1844f6d570219576286e0611..dc101b13bae1d5efc24c1a21c14606072502142c 100644 (file)
--- a/src/selinux-setup.c
+++ b/src/selinux-setup.c
@@ -30,6 +30,7 @@
 #endif
 
 #include "selinux-setup.h"
+#include "mount-setup.h"
 #include "macro.h"
 #include "util.h"
 #include "log.h"
@@ -45,6 +46,9 @@ int selinux_setup(bool *loaded_policy) {
 
        assert(loaded_policy);
 
+       /* Make sure getcon() works, which needs /proc and /sys */
+       mount_setup_early();
+
        /* Already initialized by somebody else? */
        r = getcon_raw(&con);
        if (r == 0) {
@@ -71,7 +75,7 @@ int selinux_setup(bool *loaded_policy) {
 
                /* Transition to the new context */
                r = label_get_create_label_from_exe(SYSTEMD_BINARY_PATH, &label);
-               if (r < 0) {
+               if (r < 0 || label == NULL) {
                        log_open();
                        log_error("Failed to compute init label, ignoring.");
                } else {