[DSE-Dev] Bug#682068: selinux + piuparts
Laurent Bigonville
bigon at debian.org
Tue Jan 7 10:34:49 UTC 2014
Hello,
Any news for this bug?
I've an extra request related to this.
According to [0] the selinuxfs in the chroot should be mounted as
read-only so the userspace inside the chroot thinks selinux is disabled.
If we are not doing this, dpkg (and other selinux-aware software) might
fail (see #734193).
According to this post[1] in this discussion, the selinuxfs should
be bound instead of mounted and then should be remounted as read-only:

  mount --bind /sys/fs/selinux /var/chroot/sys/fs/selinux
  mount -o remount,ro,bind /var/chroot/sys/fs/selinux
I guess that mounting the selinuxfs as read-only is a bit more urgent
than moving the mountpoint.
Cheers,
Laurent Bigonville
[0] http://comments.gmane.org/gmane.comp.security.selinux/15349
[1] http://permalink.gmane.org/gmane.comp.security.selinux/15870
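The reason a read-only selinuxfs makes the chroot's userspace "think SELinux is disabled" is the probe libselinux-style code performs on the mountpoint: check that the filesystem behind the path is selinuxfs, then treat it as unusable if it is mounted read-only. The following program is an added illustration written for this archive page, not code from the email or from libselinux; that the check is statfs() on the magic number plus statvfs() on ST_RDONLY is an assumption about how such a probe works, and the path and magic value are taken from Linux headers, not from the email.

```c
#include <stdio.h>
#include <stdint.h>
#include <sys/statfs.h>
#include <sys/statvfs.h>

/* Magic number selinuxfs reports in statfs() f_type (linux/magic.h). */
#define SELINUXFS_MAGIC 0xf97cff8cU

/* Pure decision: given a mount's filesystem type and mount flags, decide
 * whether a libselinux-style probe would treat it as a usable selinuxfs
 * (assumption about the probe, see lead-in).
 * Returns 1 = "SELinux enabled", 0 = "treated as disabled". */
int selinuxfs_usable(uint32_t f_type, unsigned long f_flag)
{
    if (f_type != SELINUXFS_MAGIC)
        return 0;                 /* not selinuxfs at all */
    if (f_flag & ST_RDONLY)
        return 0;                 /* read-only selinuxfs: looks disabled */
    return 1;
}

/* Probe a path: look at the filesystem behind it and report
 * 1 (enabled), 0 (disabled or not selinuxfs) or -1 (probe error). */
int probe_selinuxfs(const char *mnt)
{
    struct statfs sf;
    struct statvfs vf;

    if (statfs(mnt, &sf) != 0)
        return -1;
    if ((uint32_t)sf.f_type != SELINUXFS_MAGIC)
        return 0;                 /* e.g. an empty directory in the chroot */
    if (statvfs(mnt, &vf) != 0)
        return -1;
    return selinuxfs_usable((uint32_t)sf.f_type, vf.f_flag);
}

/* Run inside the chroot to see what dpkg-style code would conclude. */
int main(int argc, char **argv)
{
    const char *mnt = argc > 1 ? argv[1] : "/sys/fs/selinux";
    int rc = probe_selinuxfs(mnt);
    if (rc < 0)
        perror(mnt);
    else
        printf("%s: userspace would see SELinux %s\n", mnt,
               rc ? "enabled (rw selinuxfs)" : "disabled");
    return rc < 0;
}
```

Run it once on the host and once from inside the chroot after the remount: the bind-mounted but rw selinuxfs reports "enabled", the ro remount reports "disabled".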