On Sun, Dec 06 2009, Frans Pop wrote:

> On Sunday 06 December 2009, Manoj Srivastava wrote:
>> Now, if it is a clean chroot, there should be no indication that
>> there is selinux around. Of course, if the chroot mounts /proc from the
>> host, and tells us lies about the state of things, then all bets are
>> off, and we live with the warning messages that come from programs
>> believing that the /proc we are reading is telling the truth.
>
> As already mentioned, the host does not use selinux either. So even if
> /proc was mounted, it should not have made any difference.
>
> I'm not 100% sure if /proc was mounted or unmounted at the time (I did
> mount it at some point in the chroot, but am unsure exactly when and
> whether it made a difference to this issue).
>
> I can try to reproduce and check if needed.

Could you please check what you get when you run:

    cat /proc/mounts | grep selinuxfs

on the host and in the chroot? On a machine with selinux enabled, you get:

    none /selinux selinuxfs rw,relatime 0 0

(Well, I am not sure about the ,relatime part)

If selinuxfs is not mounted, you should never get a true response from
is_selinux_enabled(), and in that case I would appreciate a recipe for
reproducing this (how was the chroot created, and what were you doing in
the chroot, etc), and I'll get upstream involved in this discussion.

manoj
--
The meta-Turing test counts a thing as intelligent if it seeks to devise
and apply Turing tests to objects of its own creation. -- Lew Mammel, Jr.
Manoj Srivastava <sriva...@acm.org> <http://www.golden-gryphon.com/>
1024D/BF24424C print 4966 F272 D093 B493 410B 924B 21BA DABB BF24 424C
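
The check requested in the message above, as an added example that is not part of the original e-mail or of libselinux: it matches on the filesystem-type field of the mounts table and reports separately when the table cannot be read (for instance, /proc not mounted in the chroot). The function name `selinuxfs_state` and the sample mount lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Report whether selinuxfs appears in a mounts table.
# /proc/mounts fields: device mountpoint fstype options dump pass

# selinuxfs_state [FILE]  (FILE defaults to /proc/mounts)
# Prints exactly one of:
#   mounted:<mountpoint>  a filesystem of type selinuxfs is mounted
#   absent                table readable, no selinuxfs entry
#   unknown               table not readable (e.g. /proc not mounted)
selinuxfs_state() {
    mounts=${1:-/proc/mounts}
    if [ ! -r "$mounts" ]; then
        echo "unknown"
        return 0
    fi
    # Compare field 3 (fstype) exactly, so a path that merely contains
    # the string "selinuxfs" is not counted as a mount of that type.
    awk '$3 == "selinuxfs" { print "mounted:" $2; found = 1; exit }
         END { if (!found) print "absent" }' "$mounts"
}

# Demonstration on constructed mount tables (not captured from a real host).
demo() {
    dir=$(mktemp -d)
    # Table of a machine with selinuxfs mounted, as quoted in the message.
    printf '%s\n' \
        'proc /proc proc rw 0 0' \
        'none /selinux selinuxfs rw,relatime 0 0' > "$dir/enabled"
    # Table with no selinuxfs mount; one path contains the string anyway.
    printf '%s\n' \
        'proc /proc proc rw 0 0' \
        '/dev/sda1 /srv/selinuxfs-backup ext3 rw 0 0' > "$dir/plain"
    echo "selinux machine:   $(selinuxfs_state "$dir/enabled")"
    echo "plain machine:     $(selinuxfs_state "$dir/plain")"
    echo "chroot, no /proc:  $(selinuxfs_state "$dir/missing")"
    rm -rf "$dir"
}

demo
```

Run `selinuxfs_state` with no argument once on the host and once inside the chroot to compare the two views.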