selinux: improve comment about getcon_raw semantics

This code was changed in this pull request: https://github.com/systemd/systemd/pull/16571 After some discussion and more investigation, we better understand what's going on. So, update the comment, so things are more clear to future readers.
2020-08-03 09:19:49 -07:00 · 2020-08-03 09:19:49 -07:00 · a119185c02
parent 3f449f2106
commit a119185c02
1 changed files with 4 additions and 1 deletions
--- a/src/core/selinux-setup.c
+++ b/src/core/selinux-setup.c
@ -50,7 +50,10 @@ int mac_selinux_setup(bool *loaded_policy) {

        /* Already initialized by somebody else? */
        r = getcon_raw(&con);
-        /* getcon_raw can return 0, and still give us a NULL pointer. */
+        /* getcon_raw can return 0, and still give us a NULL pointer if
+         * /proc/self/attr/current is empty. SELinux guarantees this won't
+         * happen, but that file isn't specific to SELinux, and may be provided
+         * by some other arbitrary LSM with different semantics. */
        if (r == 0 && con) {
                initialized = !streq(con, "kernel");
                freecon(con);