From 557c98e2966e0298a301f540824e2c3fce2452e6 Mon Sep 17 00:00:00 2001
From: Daniel Golle
Date: Sat, 7 May 2022 13:15:30 +0100
Subject: [PATCH] init: selinux: don't relabel virtual filesystems

Attempting to relabel /dev/console, /proc or /sys results in an error message. Avoid that by excluding them when relabeling rootfs on boot.

Signed-off-by: Daniel Golle
---
 initd/init.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/initd/init.c b/initd/init.c
index 29e441d..7b1a37f 100644
--- a/initd/init.c
+++ b/initd/init.c
@@ -88,7 +88,9 @@ selinux(char **argv)
 return 0;
 }
 /* Second call: restore filesystem labels */
- ret = selinux_restorecon("/", SELINUX_RESTORECON_RECURSE);
+ const char *exclude_list[] = { "/dev/console", "/proc", "/sys", 0 };
+ selinux_restorecon_set_exclude_list(exclude_list);
+ ret = selinux_restorecon("/", SELINUX_RESTORECON_RECURSE | SELINUX_RESTORECON_MASS_RELABEL);
 putenv("SELINUX_RESTORECON=1");
 } else {
 /* First call: load policy */
--
2.30.2
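Review bot: The `SELINUX_RESTORECON_MASS_RELABEL` flag added to the `selinux_restorecon("/", ...)` call is not mentioned in the commit message, which only describes the exclusions, so a reader cannot tell why the flags of the boot-time relabel changed; a comment such as `/* whole-rootfs relabel; skip paths that only produce relabel errors */` above `exclude_list` would record the intent. As far as I recall, selinux_restorecon_set_exclude_list(3) is documented as taking a list of directories, and `/dev/console` is a device node rather than a directory, so it is worth confirming that this entry actually suppresses the error instead of being ignored. The list terminator would read more clearly as `NULL` than `0`. The `selinux()` function starts and ends outside this hunk, so how `ret` is handled after the relabel is not visible here.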