core/mount-setup.c: also relabel /dev/shm for selinux (#3039)

daemons, which wish to transition state from the initramfs to the real
root, might use /dev/shm for their state.

As /dev is not relabeled across mount points, /dev/shm has to be
relabled explicitly.

diff --git a/src/core/mount-setup.c b/src/core/mount-setup.c
index 32fe51c67ea349026790d2ae9be7f9cd0488aaff..40fc548b42fb3c610a010afa2272aad706cee2ac 100644 (file)
--- a/src/core/mount-setup.c
+++ b/src/core/mount-setup.c
@@ -375,6 +375,7 @@ int mount_setup(bool loaded_policy) {
                 before_relabel = now(CLOCK_MONOTONIC);
 
                 nftw("/dev", nftw_cb, 64, FTW_MOUNT|FTW_PHYS|FTW_ACTIONRETVAL);
+                nftw("/dev/shm", nftw_cb, 64, FTW_MOUNT|FTW_PHYS|FTW_ACTIONRETVAL);
                 nftw("/run", nftw_cb, 64, FTW_MOUNT|FTW_PHYS|FTW_ACTIONRETVAL);
 
                 after_relabel = now(CLOCK_MONOTONIC);