From 0843f2d65ea978b09f12da9ba61ee157d39ee237 Mon Sep 17 00:00:00 2001
From: Lennart Poettering
Date: Mon, 25 Jul 2011 21:59:05 +0200
Subject: [PATCH] selinux: check PID 1 label instead of /selinux mount point to figure out if selinux is already initialized
---
 src/selinux-setup.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/src/selinux-setup.c b/src/selinux-setup.c
index f400f416d..620c49e68 100644
--- a/src/selinux-setup.c
+++ b/src/selinux-setup.c
@@ -38,11 +38,18 @@ int selinux_setup(char *const argv[]) {
 #ifdef HAVE_SELINUX
 int enforce = 0;
 usec_t n;
+ security_context_t con;
 /* Already initialized? */
- if (path_is_mount_point("/sys/fs/selinux") > 0 ||
- path_is_mount_point("/selinux") > 0)
- return 0;
+ if (getcon_raw(&con) == 0) {
+ bool initialized;
+
+ initialized = !streq(con, "kernel");
+ freecon(con);
+
+ if (initialized)
+ return 0;
+ }
 /* Before we load the policy we create a flag file to ensure
 * that after the reexec we iterate through /run and /dev to
--
2.30.2
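Review bot: A failed `getcon_raw()` in the new "Already initialized?" check is handled exactly like the uninitialized case: the `if` has no `else`, so execution falls through to the policy-load path with no record of why the label could not be read. If the call can fail this early in boot for reasons unrelated to policy state (presumably the process-attribute interface has to be reachable first; confirm against the caller), a policy that was already loaded would go undetected, a dependency the removed mount-point test did not have. I would record the failure, e.g. `} else log_debug("getcon_raw() failed, assuming SELinux is not yet initialized: %m");`, using whatever logging helper this file already includes. The bare string also deserves a comment such as `/* "kernel" is treated here as the label PID 1 carries before any policy has been loaded */`, and the check reads the calling process's own label, so it reflects PID 1 only when run from PID 1. The body of selinux_setup() continues outside the hunk, so how the later load path reacts to a repeated load is not visible here.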