Bug #518164 exposed an issue during initscripts because it no longer checks /proc/mounts to determine if /selinux is really selinuxfs.

[root@newcaprica i386]# ls -l selinux/
total 16
drwxr-xr-x. 2 root root 4096 2009-09-08 12:57 booleans
-rwxr-xr-x. 1 root root    0 2009-09-08 12:57 commit_pending_bools
-rwxr-xr-x. 1 root root    1 2009-09-08 12:57 enforce
crw-r--r--. 1 root root 1, 3 2009-09-08 12:57 load
-rwxr-xr-x. 1 root root    1 2009-09-08 12:57 mls
-rwxr-xr-x. 1 root root    3 2009-09-08 12:57 policyvers
[root@newcaprica i386]# cat selinux/policyvers 
999

This fake /selinux is leftover from livecd-tools' creator.py as run via a subclassed ImageCreator class.  It is failing to clean up the fake /selinux.  This might have broken anytime in the last 2 years (or might have been there forever), but we never noticed any problem because initscripts didn't look at a fake /selinux before.

This currently breaks systems like NFS netboot where it is impossible to use selinux.