Mounting selinuxfs as read-only inside chroot


 



Hi,

I'm maybe missing something, but was wondering, what is the benefit of
mounting the selinuxfs in a chroot as read-only vs not mounting it at
all as the user space will anyway report selinux as disabled.

For example, it seems that mock is doing that (looking at the ML
archive it's the primary reason this has been implemented).

I'm asking this because several tools in Debian that are using chroot
to build/test (pbuilder, piuparts,...) .deb are mounting the selinuxfs
r/w and this is causing issues with dpkg if the policy is not installed
in the chroot.

I'm planning to propose to mount the selinuxfs as r/o in the chroot they
are using, but I would like to understand this a bit more first.

Cheers,

Laurent Bigonville
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
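
An added check, not part of the original post, that reports which of the three cases from the question a given chroot is in: selinuxfs not mounted, mounted read-only, or mounted read-write. The chroot paths and the sample mount table are constructed; the mount points /sys/fs/selinux and the legacy /selinux are assumed.

```shell
#!/bin/sh
# Classify how selinuxfs is mounted for a chroot, reading a mount table in
# /proc/mounts format: "device mountpoint fstype options dump pass".
# Usage: selinuxfs_state CHROOT [TABLE]   (TABLE "-" reads standard input)
# Prints one of: absent, ro, rw.
# Note: /proc/mounts escapes spaces in paths as \040; such paths are not handled.
selinuxfs_state() {
    root=${1%/}                 # strip trailing slash; "/" becomes ""
    table=${2:-/proc/mounts}
    awk -v root="$root" '
        $3 == "selinuxfs" {
            # Only the mount that belongs to this root, not nested chroots.
            if ($2 != root "/sys/fs/selinux" && $2 != root "/selinux") next
            mode = "rw"
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++) if (opts[i] == "ro") mode = "ro"
            state = mode        # the last matching entry is the visible one
        }
        END { print (state == "" ? "absent" : state) }
    ' "$table"
}

# Constructed sample mount table: host plus three hypothetical build chroots.
sample_mounts() {
cat <<'EOF'
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
selinuxfs /sys/fs/selinux selinuxfs rw,relatime 0 0
selinuxfs /srv/chroot/a/sys/fs/selinux selinuxfs ro,relatime 0 0
selinuxfs /srv/chroot/b/sys/fs/selinux selinuxfs rw,relatime 0 0
proc /srv/chroot/c/proc proc rw,nosuid,nodev,noexec,relatime 0 0
EOF
}

# Report each root: "a" is the read-only setup the post proposes,
# "b" is the read-write setup it describes, "c" has no selinuxfs at all.
for r in / /srv/chroot/a /srv/chroot/b /srv/chroot/c; do
    printf '%s: %s\n' "$r" "$(sample_mounts | selinuxfs_state "$r" -)"
done
```

On a real system, call selinuxfs_state with only the chroot path to read /proc/mounts.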



