Hi,
On a freshly installed Fedora 15 system, I've been trying out nspawn, and
running "systemd-nspawn -D debian-tree/" (i.e. just the shell) seems
to cause /selinux to be remounted ro on the _host_:

$ rpm -q systemd
systemd-26-5.fc15.x86_64
$ mount|grep selinux
selinuxfs on /selinux type selinuxfs (rw,relatime)
$ sudo systemd-nspawn -D debian-tree/ /bin/true
$ mount|grep selinux
selinuxfs on /selinux type selinuxfs (ro,relatime)

This has a nasty consequence of breaking logins:
Jul  7 22:17:05 fedora-15 sshd[14261]: Accepted publickey for zbyszek from 192.168.122.1 port 51205 ssh2
Jul  7 20:17:05 fedora-15 sshd[14262]: fatal: mm_request_receive: read: Connection reset by peer
Jul  7 22:17:05 fedora-15 sshd[14261]: pam_selinux(sshd:session): conversation failed
Jul  7 22:17:05 fedora-15 sshd[14261]: pam_selinux(sshd:session): No response to query: Would you like to enter a security context? [N]
Jul  7 22:17:05 fedora-15 sshd[14261]: pam_selinux(sshd:session): Unable to get valid context for zbyszek
Jul  7 22:17:05 fedora-15 sshd[14261]: pam_unix(sshd:session): session opened for user zbyszek by (uid=0)
Jul  7 22:17:05 fedora-15 sshd[14261]: error: PAM: pam_open_session(): Authentication failure
Jul  7 22:17:05 fedora-15 sshd[14264]: Received disconnect from 192.168.122.1: 11: disconnected by user

In case of a login on a tty, the question about a security context
is displayed on the screen. In case of an ssh login, it just fails
without any message displayed on the remote side.

-
Zbyszek
_______________________________________________
systemd-devel mailing list
[email protected]
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
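
Added example, not part of the original post: a check for the symptom reported above, a selinuxfs mount that was rw before a command ran and is ro afterwards. It parses text in /proc/mounts format; the function names and the sample snapshots are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): detect a selinuxfs mount that
# changed from rw to ro between two snapshots in /proc/mounts format
# (fields: device mountpoint fstype options dump pass).

# Read a mount table on stdin; print "<mountpoint> <rw|ro>" per selinuxfs mount.
selinuxfs_state() {
    awk '$3 == "selinuxfs" {
        state = "rw"
        n = split($4, opt, ",")
        # Compare whole options so "errors=remount-ro" is not mistaken for "ro".
        for (i = 1; i <= n; i++) if (opt[i] == "ro") state = "ro"
        print $2, state
    }'
}

# selinuxfs_flipped BEFORE AFTER: both arguments are mount-table text.
# Prints each mount point that was rw in BEFORE and is ro in AFTER;
# returns 0 if any such mount point exists, 1 otherwise.
selinuxfs_flipped() {
    before=$(printf '%s\n' "$1" | selinuxfs_state)
    flipped=$(printf '%s\n' "$2" | selinuxfs_state | while read -r mp state; do
        if [ "$state" = ro ] && printf '%s\n' "$before" | grep -qxF "$mp rw"; then
            printf '%s\n' "$mp"
        fi
    done)
    [ -n "$flipped" ] || return 1
    printf '%s\n' "$flipped"
}

# Constructed sample snapshots modelled on the mount output in the post.
SAMPLE_BEFORE='/dev/sda1 / ext4 rw,relatime,errors=remount-ro 0 0
selinuxfs /selinux selinuxfs rw,relatime 0 0'
SAMPLE_AFTER='/dev/sda1 / ext4 rw,relatime,errors=remount-ro 0 0
selinuxfs /selinux selinuxfs ro,relatime 0 0'

# Live use on a host (assumption: snapshots taken around the command under test):
#   before=$(cat /proc/mounts); <command>; selinuxfs_flipped "$before" "$(cat /proc/mounts)"
if selinuxfs_flipped "$SAMPLE_BEFORE" "$SAMPLE_AFTER" >/dev/null; then
    echo "selinuxfs went read-only between snapshots"
fi
```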
