From: Lennart Poettering Date: Mon, 25 Jul 2011 19:59:05 +0000 (+0200) Subject: selinux: check PID 1 label instead of /selinux mount point to figure out if selinux... X-Git-Tag: v31~11 X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=commitdiff_plain;h=0843f2d65ea978b09f12da9ba61ee157d39ee237 selinux: check PID 1 label instead of /selinux mount point to figure out if selinux is already initialized
---
diff --git a/src/selinux-setup.c b/src/selinux-setup.c
index f400f416d..620c49e68 100644
--- a/src/selinux-setup.c
+++ b/src/selinux-setup.c
@@ -38,11 +38,18 @@ int selinux_setup(char *const argv[]) {
 #ifdef HAVE_SELINUX
 int enforce = 0;
 usec_t n;
+ security_context_t con;
 /* Already initialized? */
- if (path_is_mount_point("/sys/fs/selinux") > 0 ||
- path_is_mount_point("/selinux") > 0)
- return 0;
+ if (getcon_raw(&con) == 0) {
+ bool initialized;
+
+ initialized = !streq(con, "kernel");
+ freecon(con);
+
+ if (initialized)
+ return 0;
+ }
 /* Before we load the policy we create a flag file to ensure
 * that after the reexec we iterate through /run and /dev to
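Review bot: The comparison `!streq(con, "kernel")` in the new `getcon_raw()` branch decides whether PID 1 skips loading the SELinux policy, yet the literal is unexplained and a failing `getcon_raw()` falls through without any trace. I would put a comment above the check, e.g. `/* PID 1 keeps the initial "kernel" label until a policy is loaded; any other label means one is already in place */`, and state in it that an unreadable label deliberately leads to the load attempt below. The meaning of "kernel" is inferred from the commit subject, so the wording should be confirmed against the kernel's initial-SID naming. If the fall-through is intended, a debug log on the error path would make a skipped or repeated policy load easier to diagnose. `selinux_setup` begins before this hunk and continues after it.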