selinux: fix loading policy at early boot

First, check for the cached enabled/disabled, as that's what all the
label functions used to do. Then, if initialization is not done yet,
do not cause the label functions to bail out, as it's expected to
happen at early boot.

Among other things, fixes:

systemd[1]: Failed to compute init label, ignoring.

Follow-up for: 0617da2edb91669a

1 files changed, 6 insertions, 5 deletions

diff --git a/src/shared/selinux-util.c b/src/shared/selinux-util.c
index fb7da12fb6..cdad5e1ab0 100644
--- a/src/shared/selinux-util.c
+++ b/src/shared/selinux-util.c
@@ -158,16 +158,17 @@ static int selinux_init(bool force) {
         };
         int r;
 
+        if (!mac_selinux_use())
+                return 0;
+
         if (initialized == INITIALIZED)
                 return 1;
 
         /* Internal call from this module? Unless we were explicitly configured to allow lazy initialization
-         * bail out immediately. */
+         * bail out immediately. Pretend all is good, we do not want callers to abort here, for example at
+         * early boot when the policy is being initialised. */
         if (!force && initialized != LAZY_INITIALIZED)
-                return 0;
-
-        if (!mac_selinux_use())
-                return 0;
+                return 1;
 
         r = selinux_status_open(/* netlink fallback */ 1);
         if (r < 0) {