journal: react with immediate rotation to a couple of more errors

[elogind.git] / src / selinux-setup.c

diff --git a/src/selinux-setup.c b/src/selinux-setup.c
index fdc316048add74cf1844f6d570219576286e0611..a7e1fa4007f055793a3b66fab966ff3d7886420e 100644 (file)
--- a/src/selinux-setup.c
+++ b/src/selinux-setup.c
@@ -30,6 +30,7 @@
 #endif
 
 #include "selinux-setup.h"
+#include "mount-setup.h"
 #include "macro.h"
 #include "util.h"
 #include "log.h"
@@ -45,6 +46,9 @@ int selinux_setup(bool *loaded_policy) {
 
        assert(loaded_policy);
 
+       /* Make sure getcon() works, which needs /proc and /sys */
+       mount_setup_early();
+
        /* Already initialized by somebody else? */
        r = getcon_raw(&con);
        if (r == 0) {
@@ -69,9 +73,11 @@ int selinux_setup(bool *loaded_policy) {
                char timespan[FORMAT_TIMESPAN_MAX];
                char *label;
 
+               label_retest_selinux();
+
                /* Transition to the new context */
                r = label_get_create_label_from_exe(SYSTEMD_BINARY_PATH, &label);
-               if (r < 0) {
+               if (r < 0 || label == NULL) {
                        log_open();
                        log_error("Failed to compute init label, ignoring.");
                } else {
@@ -92,11 +98,13 @@ int selinux_setup(bool *loaded_policy) {
                *loaded_policy = true;
 
        } else {
+               log_open();
+
                if (enforce > 0) {
-                       log_error("Failed to load SELinux policy.");
+                       log_error("Failed to load SELinux policy. Freezing.");
                        return -EIO;
                } else
-                       log_debug("Unable to load SELinux policy.");
+                       log_debug("Unable to load SELinux policy. Ignoring.");
        }
 #endif