Bug#734193: Please mount selinuxfs as read-only

Laurent Bigonville bigon at debian.org
Fri Jan 17 10:14:22 UTC 2014


Hi,

As explained in #734454 (which is different but somewhat related), the
selinuxfs on the chroot should probably be mounted as read-only so the
userspace in the chroot would think that selinux is disabled.

The proper way to set the fs read-only without interfering with the
selinuxfs from the host is to bind mount it from the host and then set
it as ro like this:

mount --bind /sys/fs/selinux /var/chroot/sys/fs/selinux
mount -o remount,ro,bind /var/chroot/sys/fs/selinux

Cheers,

Laurent Bigonville
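
A check for the result of the two mount commands above, as an added example that is not part of the original message: a bind remount with `ro` changes only the per-mount flags, so the chroot's selinuxfs should show `ro` in mountinfo while the host's mount stays `rw`. The function names and the sample mountinfo lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: read per-mount flags from mountinfo-formatted text.
# Fields (see proc(5)): 5 = mount point, 6 = per-mount options;
# after the "-" separator: fs type, source, superblock options.

# Constructed sample modelled on /proc/self/mountinfo after the
# bind mount and read-only remount; IDs and device numbers are made up.
sample_mountinfo() {
cat <<'EOF'
22 17 0:19 / /sys/fs/selinux rw,relatime shared:8 - selinuxfs selinuxfs rw
95 60 0:19 / /var/chroot/sys/fs/selinux ro,relatime shared:8 - selinuxfs selinuxfs rw
EOF
}

# Print "ro", "rw" or "absent" for the selinuxfs mounted at $1,
# reading mountinfo text from stdin. The last matching line wins,
# because later mounts stack over earlier ones on the same path.
selinuxfs_mount_state() {
    awk -v mp="$1" '
        $5 == mp {
            # Find the "-" separator; the optional fields before it vary.
            for (i = 7; i <= NF; i++) if ($i == "-") break
            # Ignore other filesystem types mounted on the same path.
            if ($(i + 1) != "selinuxfs") next
            state = "rw"
            n = split($6, opts, ",")
            for (j = 1; j <= n; j++) if (opts[j] == "ro") state = "ro"
        }
        END { print (state == "" ? "absent" : state) }
    '
}
```

On a live system the same function can be fed `/proc/self/mountinfo` on stdin, with the chroot path and then the host path as the argument.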


