From: Mike Yuan <me@yhndnzj.com>
Date: Fri, 12 Jan 2024 07:13:29 +0000 (+0800)
Subject: core/execute: don't reload selinux before spawning executor
X-Git-Tag: v256-rc1~1174^2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=73090a38b0cf7fd62fb8dfb337885a5747e591b4;p=thirdparty%2Fsystemd.git

core/execute: don't reload selinux before spawning executor

With the introduction of sd-executor, SELinux needs to be re-initialized
after execve() anyway.
---

diff --git a/src/core/execute.c b/src/core/execute.c
index e71763763c4..5c10aabc7ef 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -382,10 +382,6 @@ int exec_spawn(Unit *unit,
         if (r < 0)
                 return log_unit_error_errno(unit, r, "Failed to load environment files: %m");
 
-        /* Fork with up-to-date SELinux label database, so the child inherits the up-to-date db
-           and, until the next SELinux policy changes, we save further reloads in future children. */
-        mac_selinux_maybe_reload();
-
         /* We won't know the real executable path until we create the mount namespace in the child, but we
            want to log from the parent, so we use the possibly inaccurate path here. */
         log_command_line(unit, "About to execute", command->path, command->argv);