core: move mount_setup_early() to main.c

move mount_setup_early() call to main.c, before security module setup,
so there are no more repeat calls.

diff --git a/src/core/ima-setup.c b/src/core/ima-setup.c
index e8cc1ba8b6cb451775e06d189dd46c9a91d99193..7f8ec23d58363ec4cafabc0f6accc740699b0569 100644 (file)
--- a/src/core/ima-setup.c
+++ b/src/core/ima-setup.c
@@ -50,11 +50,6 @@ int ima_setup(void) {
        int policyfd = -1, imafd = -1;
        int result = 0;
 
-#ifndef HAVE_SELINUX
-       /* Mount the securityfs filesystem */
-       mount_setup_early();
-#endif
-
        if (stat(IMA_POLICY_PATH, &st) < 0)
                return 0;
 

diff --git a/src/core/main.c b/src/core/main.c
index 1c2453c9b1871e21fcf781e7849e14e80a93b2be..24d8d3e9824223c93999303e0e38b60a6a95c891 100644 (file)
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -1357,6 +1357,7 @@ int main(int argc, char *argv[]) {
                 }
 
                 if (!skip_setup) {
+                        mount_setup_early();
                         if (selinux_setup(&loaded_policy) < 0)
                                 goto finish;
                         if (ima_setup() < 0)

diff --git a/src/core/selinux-setup.c b/src/core/selinux-setup.c
index e9c0de92f1fb5157d665b97e238535d38104d2af..0723d7c8ba4786ecd9937ca3fb2bb6e3396dec2e 100644 (file)
--- a/src/core/selinux-setup.c
+++ b/src/core/selinux-setup.c
@@ -58,9 +58,6 @@ int selinux_setup(bool *loaded_policy) {
        cb.func_log = null_log;
        selinux_set_callback(SELINUX_CB_LOG, cb);
 
-       /* Make sure getcon() works, which needs /proc and /sys */
-       mount_setup_early();
-
        /* Already initialized by somebody else? */
        r = getcon_raw(&con);
        if (r == 0) {