libselinux/libselinux-proc-mount-only-if-needed.patch

Index: libselinux-2.5/src/init.c
===================================================================
--- libselinux-2.5.orig/src/init.c
+++ libselinux-2.5/src/init.c
@@ -11,7 +11,6 @@
 #include <sys/vfs.h>
 #include <stdint.h>
 #include <limits.h>
-#include <sys/mount.h>

 #include "dso.h"
 #include "policy.h"
@@ -57,20 +56,18 @@ static int verify_selinuxmnt(const char

 int selinuxfs_exists(void)
 {
-	int exists = 0, mnt_rc = 0;
+	int exists = 0;
 	FILE *fp = NULL;
 	char *buf = NULL;
 	size_t len;
 	ssize_t num;

-	mnt_rc = mount("proc", "/proc", "proc", 0, 0);

 	fp = fopen("/proc/filesystems", "r");
-	if (!fp) {
-		exists = 1; /* Fail as if it exists */
-		goto out;
-	}

+	if (!fp)
+		return 1; /* Fail as if it exists */
+
 	__fsetlocking(fp, FSETLOCKING_BYCALLER);

 	num = getline(&buf, &len, fp);
@@ -85,13 +82,6 @@ int selinuxfs_exists(void)
 	free(buf);
 	fclose(fp);

-out:
-#ifndef MNT_DETACH
-#define MNT_DETACH 2
-#endif
-	if (mnt_rc == 0)
-		umount2("/proc", MNT_DETACH);
-
 	return exists;
 }
 hidden_def(selinuxfs_exists)
Index: libselinux-2.5/src/load_policy.c
===================================================================
--- libselinux-2.5.orig/src/load_policy.c
+++ libselinux-2.5/src/load_policy.c
@@ -17,6 +17,10 @@
 #include "policy.h"
 #include <limits.h>

+#ifndef MNT_DETACH
+#define MNT_DETACH 2
+#endif
+
 int security_load_policy(void *data, size_t len)
 {
 	char path[PATH_MAX];
@@ -348,11 +352,6 @@ int selinux_init_load_policy(int *enforc
 		fclose(cfg);
 		free(buf);
 	}
-#ifndef MNT_DETACH
-#define MNT_DETACH 2
-#endif
-	if (rc == 0)
-		umount2("/proc", MNT_DETACH);

 	/*
 	 * Determine the final desired mode.
@@ -402,9 +401,13 @@ int selinux_init_load_policy(int *enforc
 		}

 		goto noload;
+		if (rc == 0)
+			umount2("/proc", MNT_DETACH);
 	}
 	set_selinuxmnt(mntpoint);
-
+
+		if (rc == 0)
+			umount2("/proc", MNT_DETACH);
 	/*
 	 * Note:  The following code depends on having selinuxfs
 	 * already mounted and selinuxmnt set above.