Home Explore Help
Register Sign In
OWEALs
/
procd
mirror of https://git.openwrt.org/project/procd.git
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

init: selinux: don't relabel virtual filesystems

Attempting to relabel /dev/console, /proc or /sys results in an error
message. Avoid that by excluding them when relabeling rootfs on boot.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Daniel Golle 2 years ago
parent
652e6df06f
commit
557c98e296
1 changed files with 3 additions and 1 deletions
Split View Show Diff Stats
  1. 3 1
      initd/init.c

+ 3 - 1
initd/init.c
View File 

@@ -88,7 +88,9 @@ selinux(char **argv)
 
 			return 0;
 
 		}
 
 		/* Second call: restore filesystem labels */
 
-		ret = selinux_restorecon("/", SELINUX_RESTORECON_RECURSE);
 
+		const char *exclude_list[] = { "/dev/console", "/proc", "/sys", 0 };
 
+		selinux_restorecon_set_exclude_list(exclude_list);
 
+		ret = selinux_restorecon("/", SELINUX_RESTORECON_RECURSE | SELINUX_RESTORECON_MASS_RELABEL);
 
 		putenv("SELINUX_RESTORECON=1");
 
 	} else {
 
 		/* First call: load policy */