X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=src%2Fselinux-setup.c;h=c32c7ad8db5fb9c59341a63fc6c1d38d2e367a11;hp=d4da693ca473485def0923e7b365d3ba348712a1;hb=2dcd4d240630c98f8cb025090c2bbfa65aa28a8a;hpb=c4dcdb9f4785937f2b73700e66b8cafa452f60a7

diff --git a/src/selinux-setup.c b/src/selinux-setup.c
index d4da693ca..c32c7ad8d 100644
--- a/src/selinux-setup.c
+++ b/src/selinux-setup.c
@@ -42,8 +42,13 @@ int selinux_setup(char *const argv[]) {
        if (path_is_mount_point("/selinux") > 0)
                return 0;
 
+       /* Before we load the policy we create a flag file to ensure
+        * that after the reexec we iterate through /run and /dev to
+        * relabel things. */
+       touch("/dev/.systemd-relabel-run-dev");
+
        if (selinux_init_load_policy(&enforce) == 0) {
-               log_info("Successfully loaded SELinux policy, reexecuting.");
+               log_debug("Successfully loaded SELinux policy, reexecuting.");
 
                /* FIXME: Ideally we'd just call setcon() here instead
                 * of having to reexecute ourselves here. */
@@ -53,7 +58,9 @@ int selinux_setup(char *const argv[]) {
                return -errno;
 
        } else {
-               log_full(enforce > 0 ? LOG_ERR : LOG_DEBUG, "Failed to load SELinux policy.");
+               log_full(enforce > 0 ? LOG_ERR : LOG_WARNING, "Failed to load SELinux policy.");
+
+               unlink("/dev/.systemd-relabel-run-dev");
 
                if (enforce > 0)
                        return -EIO;