From: Daniel Golle
Date: Sat, 7 May 2022 12:15:30 +0000 (+0100)
Subject: init: selinux: don't relabel virtual filesystems
X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=557c98e2966e0298a301f540824e2c3fce2452e6;p=project%2Fprocd.git

init: selinux: don't relabel virtual filesystems

Attempting to relabel /dev/console, /proc or /sys results in an error message. Avoid that by excluding them when relabeling rootfs on boot.

Signed-off-by: Daniel Golle
---

diff --git a/initd/init.c b/initd/init.c
index 29e441d..7b1a37f 100644
--- a/initd/init.c
+++ b/initd/init.c
@@ -88,7 +88,9 @@ selinux(char **argv)
 return 0;
 }
 /* Second call: restore filesystem labels */
- ret = selinux_restorecon("/", SELINUX_RESTORECON_RECURSE);
+ const char *exclude_list[] = { "/dev/console", "/proc", "/sys", 0 };
+ selinux_restorecon_set_exclude_list(exclude_list);
+ ret = selinux_restorecon("/", SELINUX_RESTORECON_RECURSE | SELINUX_RESTORECON_MASS_RELABEL);
 putenv("SELINUX_RESTORECON=1");
 } else {
 /* First call: load policy */
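Review bot: The new `selinux_restorecon()` call also gains `SELINUX_RESTORECON_MASS_RELABEL`, which the commit message does not mention and no comment explains; the reason belongs next to the call, for example `/* relabel the whole rootfs on boot; skip paths where relabeling only produces errors */`. The excluded paths keep whatever label they already carry, so it is worth confirming that `/dev/console`, `/proc` and `/sys` receive their contexts from policy by other means, since nothing in the hunk shows it. The list terminator would read more clearly as `NULL` than `0`. How `ret` is handled after the call lies outside the hunk, as does the rest of `selinux()`, so whether a failed relabel stops the boot cannot be judged from here.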