selinux: check PID 1 label instead of /selinux mount point to figure out if selinux is already initialized

src/selinux-setup.c

@@ -38,11 +38,18 @@ int selinux_setup(char *const argv[]) {
 #ifdef HAVE_SELINUX
        int enforce = 0;
        usec_t n;
+       security_context_t con;
 
        /* Already initialized? */
-       if (path_is_mount_point("/sys/fs/selinux") > 0 ||
-           path_is_mount_point("/selinux") > 0)
-               return 0;
+       if (getcon_raw(&con) == 0) {
+               bool initialized;
+
+               initialized = !streq(con, "kernel");
+               freecon(con);
+
+               if (initialized)
+                       return 0;
+       }
 
        /* Before we load the policy we create a flag file to ensure
         * that after the reexec we iterate through /run and /dev to