#include <libgen.h>
#include <assert.h>
#include <unistd.h>
+#include <ftw.h>
#include "mount-setup.h"
#include "log.h"
return r;
}
+static int nftw_cb(
+ const char *fpath,
+ const struct stat *sb,
+ int tflag,
+ struct FTW *ftwbuf) {
+
+ label_fix(fpath);
+ return 0;
+};
+
int mount_setup(void) {
const char *symlinks =
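Review bot: The return value of `label_fix(fpath)` is dropped at L15, so a node that could not be relabeled leaves no trace in the log, and the caller has no way to tell a complete walk from one that silently left nodes with the wrong label; if label_fix does not already log its own failures, `int r = label_fix(fpath); if (r < 0) log_debug("Failed to fix label of %s: %s", fpath, strerror(-r));` keeps the walk going (the `return 0` is right, one bad node should not abort the rest) while making the failure visible. The closing `};` at L17 carries a stray semicolon after the function body, which is an empty file-scope declaration and warns under -pedantic; it should be `}`. The parameters `sb`, `tflag` and `ftwbuf` are required by the nftw signature but unused, so a short comment such as `/* sb, tflag, ftwbuf unused: we relabel every node the walk visits */` would explain why they are ignored.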
if ((r = mount_one(mount_table+i)) < 0)
return r;
+ /* Nodes in devtmpfs need to be manually updated for the
+ * appropriate labels, after mounting. The other virtual API
+ * file systems do not need. */
+
+ if (unlink("/dev/.systemd/relabel-devtmpfs") >= 0)
+ nftw("/dev", nftw_cb, 64, FTW_MOUNT|FTW_PHYS);
+
/* Create a few default symlinks, which are normally created
* bei udevd, but some scripts might need them before we start
* udevd. */
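Review bot: The `nftw()` call at L28 ignores its return value, so if the walk of /dev fails part way (it returns -1 on error) the boot continues with some devtmpfs nodes still carrying their default labels and nothing is logged; `if (nftw("/dev", nftw_cb, 64, FTW_MOUNT|FTW_PHYS) < 0) log_warning("Failed to relabel /dev: %m");` would surface that. The `unlink()` test at L27 also treats every failure as "no relabel requested": an unlink that fails for a reason other than ENOENT (the flag file exists but cannot be removed) skips the relabel although the earlier selinux setup asked for it, so the else branch should at least check `errno != ENOENT` and log. The rest of mount_setup, including the loop whose tail is visible at L21, lies outside the hunk.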
if (path_is_mount_point("/selinux") > 0)
return 0;
+ /* Before we load the policy we create a flag file to ensure
+ * that after the reexec we iterate through /dev to relabel
+ * things. */
+ mkdir_p("/dev/.systemd", 0755);
+ touch("/dev/.systemd/relabel-devtmpfs");
+
if (selinux_init_load_policy(&enforce) == 0) {
- log_info("Successfully loaded SELinux policy, reexecuting.");
+ log_debug("Successfully loaded SELinux policy, reexecuting.");
/* FIXME: Ideally we'd just call setcon() here instead
* of having to reexecute ourselves here. */
} else {
log_full(enforce > 0 ? LOG_ERR : LOG_DEBUG, "Failed to load SELinux policy.");
+ unlink("/dev/.systemd/relabel-devtmpfs");
+
if (enforce > 0)
return -EIO;
}
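Review bot: The flag file that drives the post-reexec relabel is created at L38-L39 without checking the result of `mkdir_p()` or `touch()`; if either fails (read-only or full /dev, unexpected ownership of /dev/.systemd) the policy is still loaded and the process reexecutes, but mount_setup then finds no flag file and devtmpfs nodes keep their pre-policy labels with no diagnostic. Assuming touch() follows the -errno return convention used elsewhere in the tree, something like `r = touch("/dev/.systemd/relabel-devtmpfs"); if (r < 0) log_warning("Failed to create relabel flag file: %s", strerror(-r));` (with `int r` declared in the function) would make the skipped relabel visible. The matching cleanup at L48 is only done on the failure branch, which is correct since the reexecuted instance consumes the file, but a one-line comment there, `/* Policy load failed, no reexec will happen: drop the flag so mount_setup does not relabel */`, would make that pairing explicit. The enclosing function starts and ends outside the hunk.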