[systemd-devel] nspawn remounts /selinux readonly, thus breaking logins
Zbigniew Jędrzejewski-Szmek
zbyszek at in.waw.pl
Thu Jul 14 05:13:33 PDT 2011
On 07/08/2011 02:39 PM, Lennart Poettering wrote:
> What we currently do is mount a "fresh" selinuxfs into the container,
> and not just a bind mount. Apparently that instance isn't so fresh after
> all... So we probably should use explicit bind mounts after all, and
> then make them read-only.
>
> Most likely a similar problem exists with /proc and nspawn too, but is
> not visible really.
Hi,
it now works correctly with systemd-30, as expected.
Thanks,
Zbyszek
More information about the systemd-devel
mailing list