selinux: selinuxfs can be mounted on /sys/fs/selinux

The kernel now provides the /sys/fs/selinux mountpoint and libselinux
prefers it if it's available.

systemd currently tests only for /selinux and this leads to an infinite
loop of policy reloads in the latest Rawhide.

Fix it by checking both possible mountpoints.
Also add the new path to ignore_paths[].

/selinux appears also in nspawn.c. I don't think it's necessary to
change it there at this point.

https://bugzilla.redhat.com/show_bug.cgi?id=711015

diff --git a/src/mount-setup.c b/src/mount-setup.c
index 48c32eab3339486c31bf756be816287cd6fbd9ed..6feee6aa1675c2fb17e8328418626fcf378f27b2 100644 (file)
--- a/src/mount-setup.c
+++ b/src/mount-setup.c
@@ -63,6 +63,7 @@ static const MountPoint mount_table[] = {
  * we just list them here so that we know that we should ignore them */
 
 static const char * const ignore_paths[] = {
  * we just list them here so that we know that we should ignore them */
 
 static const char * const ignore_paths[] = {

+        "/sys/fs/selinux",

         "/selinux",
         "/proc/bus/usb"
 };
         "/selinux",
         "/proc/bus/usb"
 };

diff --git a/src/selinux-setup.c b/src/selinux-setup.c
index c32c7ad8db5fb9c59341a63fc6c1d38d2e367a11..9ff27dcd77f03f0a1b7ab016d60deb3121b3e252 100644 (file)
--- a/src/selinux-setup.c
+++ b/src/selinux-setup.c
@@ -39,7 +39,8 @@ int selinux_setup(char *const argv[]) {
        int enforce = 0;
 
        /* Already initialized? */
        int enforce = 0;
 
        /* Already initialized? */

-       if (path_is_mount_point("/selinux") > 0)
+       if (path_is_mount_point("/sys/fs/selinux") > 0 ||
+           path_is_mount_point("/selinux") > 0)

                return 0;
 
        /* Before we load the policy we create a flag file to ensure
                return 0;
 
        /* Before we load the policy we create a flag file to ensure