From 524cde2e544f40dc2056d2a4c4265ddc4160784d Mon Sep 17 00:00:00 2001
From: Mattia Rizzolo
Date: Sun, 11 Oct 2015 23:54:25 +0000
Subject: modules: mount correctly selinux: bindmount from the host, and in the same place (/sys/fs/selinux >= wheezy, /selinux < wheezy)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Thanks: ChangZhuo Chen (陳昌倬) for the patch.
Closes: #734193, #734454
---
 pbuilder-modules | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
(limited to 'pbuilder-modules')

diff --git a/pbuilder-modules b/pbuilder-modules
index cd61f89..a983e62 100644
--- a/pbuilder-modules
+++ b/pbuilder-modules
@@ -214,7 +214,7 @@ function umountproc () {
 umount_one "$mnt"
 done
 if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then
- umount_one "selinux"
+ umount_one "$(grep -m 1 ^selinuxfs /proc/mounts | cut -d ' ' -f 2)"
 fi
 if [ "$DEB_BUILD_ARCH_OS" = "linux" ] && [ "$USEDEVPTS" = "yes" ]; then
 umount_one "dev/pts"
@@ -295,9 +295,11 @@ function mountproc () {
 fi
 if [ -x /usr/sbin/selinuxenabled ] && /usr/sbin/selinuxenabled; then
 log "I: mounting selinux filesystem"
- mkdir -p "$BUILDPLACE/selinux"
- mount -t selinuxfs /selinux "$BUILDPLACE/selinux"
- mounted[${#mounted[@]}]="$BUILDPLACE/selinux"
+ local SELINUX="$(grep -m 1 ^selinuxfs /proc/mounts | cut -d ' ' -f 2)"
+ mkdir -p "$BUILDPLACE/$SELINUX"
+ mount --bind "$SELINUX" "$BUILDPLACE/$SELINUX"
+ mount -o remount,ro,bind "$BUILDPLACE/$SELINUX"
+ mounted[${#mounted[@]}]="$BUILDPLACE/$SELINUX"
 fi
 if [ "$DEB_BUILD_ARCH_OS" = "hurd" ]; then
 # /dev and /servers might have already been mounted at
--
cgit v1.2.3
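Review bot: The mount-point lookup added in `umountproc` (and the identical one in the `mountproc` hunk) matches `^selinuxfs` against the first field of /proc/mounts, which is the mount source rather than the filesystem type, so a host whose selinuxfs was mounted under another source name yields an empty string. The removed `mount -t selinuxfs /selinux …` line is itself an example of a mount whose source is not `selinuxfs`. `umount_one` is then called with an empty argument; its definition is outside the hunk, so what it does with that cannot be confirmed from here. Selecting on the type field and skipping the call when nothing is found would be safer: `sel="$(awk '$3 == "selinuxfs" { print $2; exit }' /proc/mounts)"` followed by `[ -n "$sel" ] && umount_one "$sel"`. umountproc's body starts and ends outside the hunk.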
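Review bot: Nothing in the new `mountproc` lines checks that `mount -o remount,ro,bind` succeeded, so a failure there leaves the host's selinuxfs bind-mounted writable inside the build chroot, which is presumably what the read-only remount is there to prevent. `SELINUX` is also used unchecked: when the lookup returns nothing, `mkdir`, both `mount` calls and the `mounted[]` entry all act on `"$BUILDPLACE/"` itself, and `local SELINUX="$(…)"` hides the pipeline's exit status. The sketch below guards the empty case and records the mount before attempting the remount so that cleanup still covers it. How mountproc aborts on a failed mount is outside the hunk, so that part is left as a comment.

```shell
    log "I: mounting selinux filesystem"
    local SELINUX
    SELINUX="$(grep -m 1 ^selinuxfs /proc/mounts | cut -d ' ' -f 2)"
    if [ -n "$SELINUX" ]; then
        mkdir -p "$BUILDPLACE/$SELINUX"
        if mount --bind "$SELINUX" "$BUILDPLACE/$SELINUX"; then
            # Record first so the unmount path still sees it if the remount fails.
            mounted[${#mounted[@]}]="$BUILDPLACE/$SELINUX"
            if ! mount -o remount,ro,bind "$BUILDPLACE/$SELINUX"; then
                log "E: could not remount $BUILDPLACE/$SELINUX read-only"
                # … fail the build setup here, the way mountproc handles other mount errors …
            fi
        fi
    fi
```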