logind: load SELinux labelling system

elogind-logind uses mkdir_label and label_fix functions without calling
first mac_selinux_init.  This makes /run/user/$UID/ directories not
labelled correctly on an Arch Linux system using SELinux.

Fix this by calling mac_selinux_init("/run") early in elogind-logind.
This makes files created in /etc/udev/rules.d and /var/lib/elogind to be
labelled through transitions in the SELinux policy instead of using
setfscreatecon (with mac_selinux_create_file_prepare).

diff --git a/src/login/logind-dbus.c b/src/login/logind-dbus.c
index 5dfe5aab2ab04d702a3e2d785eda6fb242c45878..a54071800f28c5574442ad0e737ab924f1c2e431 100644 (file)
--- a/src/login/logind-dbus.c
+++ b/src/login/logind-dbus.c
@@ -1235,7 +1235,6 @@ static int attach_device(Manager *m, const char *seat, const char *sysfs) {
                 return -ENOMEM;
 
         mkdir_p_label("/etc/udev/rules.d", 0755);
                 return -ENOMEM;
 
         mkdir_p_label("/etc/udev/rules.d", 0755);

-        mac_selinux_init("/etc");

         r = write_string_file_atomic_label(file, rule);
         if (r < 0)
                 return r;
         r = write_string_file_atomic_label(file, rule);
         if (r < 0)
                 return r;