diff options
| author | Daniel Golle <daniel@makrotopia.org> | 2022-05-07 13:15:30 +0100 |
|---|---|---|
| committer | Daniel Golle <daniel@makrotopia.org> | 2022-06-01 20:40:23 +0100 |
| commit | 557c98e2966e0298a301f540824e2c3fce2452e6 (patch) | |
| tree | 359d37a5ae540891736ab90afbf5fae60f628c0f | |
| parent | 652e6df06f8413f19a4786a275862cfe76628093 (diff) | |
| download | procd-557c98e2966e0298a301f540824e2c3fce2452e6.tar.gz | |
init: selinux: don't relabel virtual filesystems
Attempting to relabel /dev/console, /proc or /sys results in an error
message. Avoid that by excluding them when relabeling rootfs on boot.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
| -rw-r--r-- | initd/init.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/initd/init.c b/initd/init.c index 29e441d..7b1a37f 100644 --- a/initd/init.c +++ b/initd/init.c @@ -88,7 +88,9 @@ selinux(char **argv) return 0; } /* Second call: restore filesystem labels */ - ret = selinux_restorecon("/", SELINUX_RESTORECON_RECURSE); + const char *exclude_list[] = { "/dev/console", "/proc", "/sys", 0 }; + selinux_restorecon_set_exclude_list(exclude_list); + ret = selinux_restorecon("/", SELINUX_RESTORECON_RECURSE | SELINUX_RESTORECON_MASS_RELABEL); putenv("SELINUX_RESTORECON=1"); } else { /* First call: load policy */ |