Chroots for SELinux enabled applications
by Sven Vermeulen, post on Sun 22 June 2014Today I had to prepare a chroot jail (thank you grsecurity for the neat
additional chroot protection features) for a SELinux-enabled
application. As a result, "just" making a chroot was insufficient: the
application needed access to /sys/fs/selinux
. Of course, granting
access to /sys
is not something I like …