init: only relabel rootfs if started from initramfs

Do not relabel all the filesystem if not running from initramfs, it
should only be needed in this case.
Read-write (ext4) labels should be set when generating the filesystem
just like it's done for squashfs.

Signed-off-by: Daniel Golle <daniel@makrotopia.org>

diff --git a/initd/init.c b/initd/init.c
index 7b1a37f2fb694a38b5e730fdb72bef8298c752bc..ab6a7e180fb75a9740022caaa1de075ce57ce33e 100644 (file)
--- a/initd/init.c
+++ b/initd/init.c
@@ -80,14 +80,15 @@ selinux(char **argv)
        int ret;
        int enforce = selinux_status_getenforce();
 
+       /* is SELinux already initialized? */
        if (getenv("SELINUX_INIT")) {
-               /* SELinux already initialized */
-               if (getenv("SELINUX_RESTORECON")) {
+               /* have initramfs permissions already been restored? */
+               if (!getenv("INITRAMFS") || getenv("SELINUX_RESTORECON")) {
                        unsetenv("SELINUX_INIT");
                        unsetenv("SELINUX_RESTORECON");
                        return 0;
                }
-               /* Second call: restore filesystem labels */
+               /* Second call (initramfs only): restore filesystem labels */
                const char *exclude_list[] = { "/dev/console", "/proc", "/sys", 0 };
                selinux_restorecon_set_exclude_list(exclude_list);
                ret = selinux_restorecon("/", SELINUX_RESTORECON_RECURSE | SELINUX_RESTORECON_MASS_RELABEL);