[DSE-Dev] Bug#682068: selinux + piuparts
bigon at debian.org
Tue Jan 7 10:34:49 UTC 2014
Any news for this bug?
I've an extra request related to this.
According to  the selinuxfs in the chroot should be mounted as
read-only so the userspace inside the chroot thinks selinux is disabled.
If we are not doing this, dpkg (and other selinux-aware software) might
fail (see #734193).
According to this post in this discussion, the selinuxfs should
be bound instead of mounted and then should be remounted as read-only:

    mount --bind /sys/fs/selinux /var/chroot/sys/fs/selinux
    mount -o remount,ro,bind /var/chroot/sys/fs/selinux

I guess that mounting the selinuxfs as read-only is a bit more urgent
than moving the mountpoint.
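
A check that the read-only remount described in the message above actually took effect, as an added example that is not part of the original message or of piuparts. The function names, the `--live` switch and the `/srv/other` chroot are hypothetical, and the mount-table lines are constructed sample data in `/proc/mounts` format.

```shell
#!/bin/sh
# Added example: report how selinuxfs is mounted under a chroot.
# Assumption: mountpoints contain no whitespace (/proc/mounts escapes it).

# selinuxfs_state MOUNTS_FILE CHROOT_DIR
# Prints "ro", "rw" or "absent" for CHROOT_DIR/sys/fs/selinux.
selinuxfs_state() {
    mounts_file=$1
    target="${2%/}/sys/fs/selinux"   # tolerate a trailing slash on the chroot
    state=absent
    # With stacked mounts on one mountpoint, the last selinuxfs entry wins.
    while read -r dev mnt fstype opts rest; do
        [ "$mnt" = "$target" ] || continue
        [ "$fstype" = "selinuxfs" ] || continue
        case ",$opts," in
            *,ro,*) state=ro ;;
            *)      state=rw ;;
        esac
    done < "$mounts_file"
    printf '%s\n' "$state"
}

# Constructed sample: host mount, a chroot that was bound and remounted
# read-only, and a second chroot (hypothetical path) that was only bound.
sample_mounts() {
    cat <<'EOF'
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
selinuxfs /sys/fs/selinux selinuxfs rw,relatime 0 0
selinuxfs /var/chroot/sys/fs/selinux selinuxfs ro,relatime 0 0
selinuxfs /srv/other/sys/fs/selinux selinuxfs rw,relatime 0 0
EOF
}

# Optional live check: sh script.sh --live /var/chroot
if [ "${1:-}" = "--live" ]; then
    selinuxfs_state /proc/mounts "${2:-/var/chroot}"
fi
```

A result of `rw` means SELinux-aware software inside the chroot can still see a writable selinuxfs.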