selinux: retest selinux after we loaded the policy

src/label.c

@@ -33,8 +33,9 @@
 
 static struct selabel_handle *label_hnd = NULL;
 
+static int use_selinux_cached = -1;
+
 static inline bool use_selinux(void) {
-        static int use_selinux_cached = -1;
 
         if (use_selinux_cached < 0)
                 use_selinux_cached = is_selinux_enabled() > 0;
@@ -42,6 +43,10 @@ static inline bool use_selinux(void) {
         return use_selinux_cached;
 }
 
+void label_retest_selinux(void) {
+        use_selinux_cached = -1;
+}
+
 #endif
 
 int label_init(void) {

src/label.h

@@ -43,4 +43,6 @@ int label_get_create_label_from_exe(const char *exe, char **label);
 
 int label_mkdir(const char *path, mode_t mode);
 
+void label_retest_selinux(void);
+
 #endif

src/selinux-setup.c

@@ -73,6 +73,8 @@ int selinux_setup(bool *loaded_policy) {
                char timespan[FORMAT_TIMESPAN_MAX];
                char *label;
 
+               label_retest_selinux();
+
                /* Transition to the new context */
                r = label_get_create_label_from_exe(SYSTEMD_BINARY_PATH, &label);
                if (r < 0 || label == NULL) {