On Sat, 2017-04-15 at 06:23 -0400, Daniel Walsh wrote: > I believe that libselinux still reports that the system is running > with > SELinux, if the selinuxfs is not mounted > inside of the container at all. Not after the commit referenced in the subject line; you removed the fallback code to check /proc/filesystems for selinuxfs from is_selinux_enabled(), so if selinuxfs is not mounted at all, it will return 0 (not enabled). On non-Android, you can also cause is_selinux_enabled() to return 0 by not providing an /etc/selinux/config file in your container's root directory (see commit c08c4eacab8d55598b9e5caaef8a871a7a476cab), i.e. as long as you do not install selinux-policy in your container root, then it will return disabled. _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
