core: move mount_setup_early() to main.c

move mount_setup_early() call to main.c, before security module setup,
so there are no more repeat calls.

diff --git a/src/core/ima-setup.c b/src/core/ima-setup.c
index e8cc1ba..7f8ec23 100644 (file)
--- a/src/core/ima-setup.c
+++ b/src/core/ima-setup.c
@@ -50,11 +50,6 @@ int ima_setup(void) {
        int policyfd = -1, imafd = -1;
        int result = 0;
 
-#ifndef HAVE_SELINUX
-       /* Mount the securityfs filesystem */
-       mount_setup_early();
-#endif
-
        if (stat(IMA_POLICY_PATH, &st) < 0)
                return 0;
 

diff --git a/src/core/main.c b/src/core/main.c
index 1c2453c..24d8d3e 100644 (file)
--- a/src/core/main.c
+++ b/src/core/main.c
@@ -1357,6 +1357,7 @@ int main(int argc, char *argv[]) {
                 }
 
                 if (!skip_setup) {
+                        mount_setup_early();
                         if (selinux_setup(&loaded_policy) < 0)
                                 goto finish;
                         if (ima_setup() < 0)

diff --git a/src/core/selinux-setup.c b/src/core/selinux-setup.c
index e9c0de9..0723d7c 100644 (file)
--- a/src/core/selinux-setup.c
+++ b/src/core/selinux-setup.c
@@ -58,9 +58,6 @@ int selinux_setup(bool *loaded_policy) {
        cb.func_log = null_log;
        selinux_set_callback(SELINUX_CB_LOG, cb);
 
-       /* Make sure getcon() works, which needs /proc and /sys */
-       mount_setup_early();
-
        /* Already initialized by somebody else? */
        r = getcon_raw(&con);
        if (r == 0) {