X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=src%2Fselinux-setup.c;h=a7e1fa4007f055793a3b66fab966ff3d7886420e;hp=fdc316048add74cf1844f6d570219576286e0611;hb=64661ee70d5a10c6208a1cb66ecd8b158e2d8bc5;hpb=0b3325e79eb98f2e5bc19a1b0efd99e693b31a99

diff --git a/src/selinux-setup.c b/src/selinux-setup.c
index fdc316048..a7e1fa400 100644
--- a/src/selinux-setup.c
+++ b/src/selinux-setup.c
@@ -30,6 +30,7 @@
 #endif
 
 #include "selinux-setup.h"
+#include "mount-setup.h"
 #include "macro.h"
 #include "util.h"
 #include "log.h"
@@ -45,6 +46,9 @@ int selinux_setup(bool *loaded_policy) {
 
        assert(loaded_policy);
 
+       /* Make sure getcon() works, which needs /proc and /sys */
+       mount_setup_early();
+
        /* Already initialized by somebody else? */
        r = getcon_raw(&con);
        if (r == 0) {
@@ -69,9 +73,11 @@ int selinux_setup(bool *loaded_policy) {
                char timespan[FORMAT_TIMESPAN_MAX];
                char *label;
 
+               label_retest_selinux();
+
                /* Transition to the new context */
                r = label_get_create_label_from_exe(SYSTEMD_BINARY_PATH, &label);
-               if (r < 0) {
+               if (r < 0 || label == NULL) {
                        log_open();
                        log_error("Failed to compute init label, ignoring.");
                } else {
@@ -92,11 +98,13 @@ int selinux_setup(bool *loaded_policy) {
                *loaded_policy = true;
 
        } else {
+               log_open();
+
                if (enforce > 0) {
-                       log_error("Failed to load SELinux policy.");
+                       log_error("Failed to load SELinux policy. Freezing.");
                        return -EIO;
                } else
-                       log_debug("Unable to load SELinux policy.");
+                       log_debug("Unable to load SELinux policy. Ignoring.");
        }
 #endif