Package: pbuilder Version: 0.215 Severity: normal Hello,
Since Wheezy, the selinuxfs mountpoint is mounted under /sys/fs/selinux and not under /selinux anymore. Since jessie, the /selinux mountpoint is even completely gone. I'm seeing in the code that pbuilder is unconditionally mounting the selinuxfs on /selinux directory. You should probably start mounting it to /sys/fs/selinux. Note that only the selinux userspace of Wheezy and later is supporting /sys/fs/selinux. So if you want to support pre-wheezy, some hack will be required to mount it in /selinux. On the host, the location where the selinuxfs is mounted can be found by looking at /proc/mount. Also according to this discussion[0][1], the proper way to mount a selinuxfs in a chroot is to bind mount it from the host, not mount a new fs. This mountpoint should also be read-only to make the userspace think that selinux linux is disabled in the chroot. Otherwise, dpkg (and other selinux-aware tools) might fail, see #734193. The proper commands, would then be: mount --bind /sys/fs/selinux /var/chroot/sys/fs/selinux mount -o remount,ro,bind /var/chroot/sys/fs/selinux If you have any questions, do not hesitate to contact me. Cheers Laurent Bigonville [0] http://comments.gmane.org/gmane.comp.security.selinux/15349 [1] http://permalink.gmane.org/gmane.comp.security.selinux/15870 -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
