I did a re-base of the working-selinuxns branch on top of latest next; this required manual conflict fixes due to the encapsulation of the policy state and refactoring of policy reload. The rebase can be found at: https://github.com/stephensmalley/selinux-kernel/tree/working-selinuxns-rebase It boots, passes the selinux-testsuite, and passes the following trivial exercising of the unshare mechanism: $ sudo bash # echo 1 > /sys/fs/selinux/unshare # unshare -m -n # umount /sys/fs/selinux # mount -t selinuxfs none /sys/fs/selinux # id uid=0(root) gid=0(root) groups=0(root) context=kernel # getenforce Permissive # load_policy # id uid=0(root) gid=0(root) groups=0(root) context=system_u:system_r:kernel_t:s0 All the same caveats apply - this is still not safe to use and has many unresolved issues as noted in the patch descriptions.
