move mount_setup_early() call to main.c, before security module setup,
so there are no more repeat calls.
---
src/core/ima-setup.c | 5 -----
src/core/main.c | 1 +
src/core/selinux-setup.c | 3 ---
3 files changed, 1 insertion(+), 8 deletions(-)
diff --git a/src/core/ima-setup.c b/src/core/ima-setup.c
index e8cc1ba..7f8ec23 100644
--- a/src/core/ima-setup.c
+++ b/src/core/ima-setup.c
@@ -50,11 +50,6 @@ int ima_setup(void) {
int policyfd = -1, imafd = -1;
int result = 0;
-#ifndef HAVE_SELINUX
- /* Mount the securityfs filesystem */
- mount_setup_early();
-#endif
-
if (stat(IMA_POLICY_PATH, &st) < 0)
return 0;
diff --git a/src/core/main.c b/src/core/main.c
index 2bbea7e..c4a3075 100644
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -1346,6 +1346,7 @@ int main(int argc, char *argv[]) {
}
if (!skip_setup) {
+ mount_setup_early();
if (selinux_setup(&loaded_policy) < 0)
goto finish;
if (ima_setup() < 0)
diff --git a/src/core/selinux-setup.c b/src/core/selinux-setup.c
index e9c0de9..0723d7c 100644
--- a/src/core/selinux-setup.c
+++ b/src/core/selinux-setup.c
@@ -58,9 +58,6 @@ int selinux_setup(bool *loaded_policy) {
cb.func_log = null_log;
selinux_set_callback(SELINUX_CB_LOG, cb);
- /* Make sure getcon() works, which needs /proc and /sys */
- mount_setup_early();
-
/* Already initialized by somebody else? */
r = getcon_raw(&con);
if (r == 0) {
--
1.8.1.4
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
