X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=src%2Fselinux-setup.c;h=620c49e686a56646ba25cc01b0d69bee9b842908;hp=c32c7ad8db5fb9c59341a63fc6c1d38d2e367a11;hb=0843f2d65ea978b09f12da9ba61ee157d39ee237;hpb=3bbecb2f2cd758e2513993efad01180c7c3c665f

diff --git a/src/selinux-setup.c b/src/selinux-setup.c
index c32c7ad8d..620c49e68 100644
--- a/src/selinux-setup.c
+++ b/src/selinux-setup.c
@@ -37,18 +37,32 @@
 int selinux_setup(char *const argv[]) {
 #ifdef HAVE_SELINUX
        int enforce = 0;
+       usec_t n;
+       security_context_t con;
 
        /* Already initialized? */
-       if (path_is_mount_point("/selinux") > 0)
-               return 0;
+       if (getcon_raw(&con) == 0) {
+               bool initialized;
+
+               initialized = !streq(con, "kernel");
+               freecon(con);
+
+               if (initialized)
+                       return 0;
+       }
 
        /* Before we load the policy we create a flag file to ensure
         * that after the reexec we iterate through /run and /dev to
         * relabel things. */
        touch("/dev/.systemd-relabel-run-dev");
 
+       n = now(CLOCK_MONOTONIC);
        if (selinux_init_load_policy(&enforce) == 0) {
-               log_debug("Successfully loaded SELinux policy, reexecuting.");
+               char buf[FORMAT_TIMESPAN_MAX];
+
+               n = now(CLOCK_MONOTONIC) - n;
+               log_info("Successfully loaded SELinux policy in %s, reexecuting.",
+                         format_timespan(buf, sizeof(buf), n));
 
                /* FIXME: Ideally we'd just call setcon() here instead
                 * of having to reexecute ourselves here. */