init: selinux: don't relabel virtual filesystems

Attempting to relabel /dev/console, /proc or /sys results in an error
message. Avoid that by excluding them when relabeling rootfs on boot.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

diff --git a/initd/init.c b/initd/init.c
index 29e441d36189c4bd704a40447ca5245088e07869..7b1a37f2fb694a38b5e730fdb72bef8298c752bc 100644 (file)
--- a/initd/init.c
+++ b/initd/init.c
@@ -88,7 +88,9 @@ selinux(char **argv)
                        return 0;
                }
                /* Second call: restore filesystem labels */
-               ret = selinux_restorecon("/", SELINUX_RESTORECON_RECURSE);
+               const char *exclude_list[] = { "/dev/console", "/proc", "/sys", 0 };
+               selinux_restorecon_set_exclude_list(exclude_list);
+               ret = selinux_restorecon("/", SELINUX_RESTORECON_RECURSE | SELINUX_RESTORECON_MASS_RELABEL);
                putenv("SELINUX_RESTORECON=1");
        } else {
                /* First call: load policy */