[DSE-Dev] Bug#822679: Bug#822679: closed by Laurent Bigonville <bigon at debian.org> (Bug#822679: fixed in libselinux 2.5-2)

Yuri D'Elia wavexx at thregr.org
Sun May 1 19:01:09 UTC 2016


On Sun, May 01 2016, Laurent Bigonville <bigon at debian.org> wrote:
> It's only doing this if /proc is not mounted, something that should
> happen at early boot.
>
> libselinux needs to determine the status of selinux on the machine. This is done by reading files
> under /proc.

libselinux should assume selinux is disabled if there's no proc, and
just do nothing.

Why the safe default cannot be followed here?
Can't "ls" just do its work without policy until /proc is ready?

This is going to attempt mounting /proc in containers and generally mess
with event-based system initialization in unexpected ways.

I personally experienced this while setting up a testing environment
where selinux is _disabled_ and took me a while to track down why /proc
was getting mounted over and over again.

> If you want to change that, see with upstream.

Do I really have to?
This seems like a *very bad* idea in the first place.

Funny thing: unmount will now mount /proc.

Maybe I need to file a bug report against mount.
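Editor's added example, not code from libselinux or from either participant in this thread: a POSIX shell sketch of the "safe default" argued for above, i.e. answer the question "is SELinux on?" by reading /proc only if it is already mounted, and treat a missing /proc as "disabled" instead of mounting anything. The probe order (selinuxfs listed in /proc/filesystems, then its mount point taken from /proc/mounts, then the enforce flag) mirrors how the status is commonly determined, but the function names, the optional root prefix argument and the fake directory tree are assumptions made here so the logic can be exercised offline against a constructed tree rather than the live machine.

```shell
#!/bin/sh
# Added example (hypothetical, not libselinux): report SELinux status
# without ever mounting a filesystem. The optional ROOT prefix is an
# assumption of this example so a constructed tree can stand in for "/".
# Prints one of: noproc, disabled, permissive, enforcing
selinux_status() {
    root="${1:-}"
    # Safe default: no /proc means we cannot know, so behave as "disabled"
    # rather than mounting /proc ourselves (the behaviour complained about).
    [ -r "$root/proc/filesystems" ] || { echo noproc; return 0; }
    # Kernel without selinuxfs support: SELinux is off.
    grep -q 'selinuxfs$' "$root/proc/filesystems" || { echo disabled; return 0; }
    # Find where selinuxfs is mounted instead of hardcoding /sys/fs/selinux.
    mnt=$(awk '$3 == "selinuxfs" { print $2; exit }' "$root/proc/mounts")
    [ -n "$mnt" ] || { echo disabled; return 0; }
    [ -r "$root$mnt/enforce" ] || { echo disabled; return 0; }
    case "$(cat "$root$mnt/enforce")" in
        1) echo enforcing ;;
        *) echo permissive ;;
    esac
}

# Constructed fake root trees for demonstration only (not a real system).
#   make_fake_root MODE  -> prints the directory
#   MODE: noproc | nofs | nomount | permissive | enforcing
make_fake_root() {
    d=$(mktemp -d)
    if [ "$1" = noproc ]; then echo "$d"; return 0; fi
    mkdir -p "$d/proc" "$d/sys/fs/selinux"
    printf 'nodev\tsysfs\nnodev\tproc\n\text4\n' > "$d/proc/filesystems"
    : > "$d/proc/mounts"
    case "$1" in
        nofs) ;;
        nomount) printf 'nodev\tselinuxfs\n' >> "$d/proc/filesystems" ;;
        permissive|enforcing)
            printf 'nodev\tselinuxfs\n' >> "$d/proc/filesystems"
            printf 'selinuxfs /sys/fs/selinux selinuxfs rw,relatime 0 0\n' > "$d/proc/mounts"
            if [ "$1" = enforcing ]; then echo 1; else echo 0; fi > "$d/sys/fs/selinux/enforce"
            ;;
    esac
    echo "$d"
}

# Walk through every constructed case, then ask about the live system.
for mode in noproc nofs nomount permissive enforcing; do
    r=$(make_fake_root "$mode")
    printf '%-10s -> %s\n' "$mode" "$(selinux_status "$r")"
    rm -rf "$r"
done
printf 'live       -> %s\n' "$(selinux_status)"
```

Nothing in the function has a side effect on the host: an early-boot or container caller that runs this before /proc exists simply gets "noproc" and carries on, which is the behaviour the message above asks for.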
