On Sun, May 01 2016, Laurent Bigonville <bi...@debian.org> wrote:

> It's only doing this if /proc is not mounted, something that should
> happen at early boot.
>
> libselinux needs to determine the status of selinux on the machine. This is
> done by reading files under /proc.

libselinux should assume selinux is disabled if there's no proc, and just do nothing. Why can't the safe default be followed here? Can't "ls" just do its work without policy until /proc is ready?

This is going to attempt mounting /proc in containers and generally mess with event-based system initialization in unexpected ways. I personally experienced this while setting up a testing environment where selinux is _disabled_, and it took me a while to track down why /proc was getting mounted over and over again.

> If you want to change that, see with upstream.

Do I really have to? This seems like a *very bad* idea in the first place.

Funny thing: unmount will now mount /proc. Maybe I need to file a bug report against mount.