selinux: early exit in mac_selinux_maybe_reload if not initialized

Binaries might not initialize SELinux, e.g. when they normally do not
create files with the SELinux default context.
If they, via an internal libary function, call a _label() function,
mac_selinux_maybe_reload() gets called. Since the SELinux status page
has not been opened, selinux_status_updated() will fail with EINVAL.

This affects particularly test binaries.

Just exit early and avoid confusing debug logs.

diff --git a/src/basic/selinux-util.c b/src/basic/selinux-util.c
index 2876b718bf8e21d4a9cc431c8569ed3a4ef6e8d1..9b3b15d387d452e6387ae619bf1840f659465f54 100644 (file)
--- a/src/basic/selinux-util.c
+++ b/src/basic/selinux-util.c
@@ -153,6 +153,9 @@ void mac_selinux_maybe_reload(void) {
 #if HAVE_SELINUX
         int r;
 
+        if (!initialized)
+                return;
+
         r = selinux_status_updated();
         if (r < 0)
                 log_debug_errno(errno, "Failed to update SELinux from status page: %m");