When setting up a chroot the selinux community will sometimes use the following set of steps.

    mount --bind /selinux /var/chroot/selinux
    mount -o remount,ro /var/chroot/selinux

Under F14 util-linux-ng-2.18-4.8.fc14.x86_64 the remount command results in:

    mount("/selinux", "/var/chroot/selinux", 0x7ff5f154ea69, MS_MGC_VAL|MS_RDONLY|MS_REMOUNT|MS_BIND, NULL) = 0

Which clearly includes MS_BIND

Under F15 util-linux-2.19.1-1.4.fc15.x86_64 the remount command results in:

    mount("selinuxfs", "/var/chroot/selinux", 0x7ffc9dd917b0, MS_REMOUNT|MS_RELATIME, NULL) = 0

Which does NOT include the MS_BIND option. This means that in F14 we got /selinux RW and /var/chroot/selinux RO but in F15 BOTH /selinux and /var/chroot/selinux are RO.

I can work around this by using the command:

    mount -o remount,ro,bind /var/chroot/selinux

in F15, but mount broke code that was already working and I don't understand why.....
Apparently this is a result of the switch from mtab to /proc/mounts, so mount doesn't know it is a bind.... d'oh
Yes, this is a known issue which is documented in the mount man page. Maybe we need something like mount --ro-bind /mountpoint to provide a more user-friendly command line interface for the crazy MS_RDONLY|MS_REMOUNT|MS_BIND semantics.
Note that I have added this to the upstream TODO file. We need this for all propagation flags (MS_SHARE, MS_PRIVATE, ...).
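Added example, not part of the original report and not util-linux code: a check over mountinfo-format text that reports whether a mount point is read-only through its own per-mount flag (the MS_REMOUNT|MS_BIND|MS_RDONLY case) or because the whole superblock went read-only, and which other mounts of that filesystem were caught by it. The two sample tables are constructed to model the F14 and F15 outcomes described above; the names Mount, ro_scope and collateral are hypothetical.

```python
import re
from typing import NamedTuple

class Mount(NamedTuple):
    dev: str          # major:minor, shared by every mount of one superblock
    mount_point: str
    mount_ro: bool    # per-mount flag, what MS_REMOUNT|MS_BIND|MS_RDONLY sets
    super_ro: bool    # superblock flag, what a remount without MS_BIND sets

# Constructed samples modelling the two outcomes in the report.
F14_STYLE = """\
20 1 0:17 / /selinux rw,relatime - selinuxfs selinuxfs rw
45 1 0:17 / /var/chroot/selinux ro,relatime - selinuxfs selinuxfs rw
"""
F15_STYLE = """\
20 1 0:17 / /selinux rw,relatime - selinuxfs selinuxfs ro
45 1 0:17 / /var/chroot/selinux ro,relatime - selinuxfs selinuxfs ro
"""

def _unescape(field):
    # mountinfo writes space, tab, newline and backslash as octal escapes
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def parse_mountinfo(text):
    mounts = []
    for line in text.splitlines():
        left, sep, right = line.partition(" - ")
        pre, post = left.split(), right.split()
        if not sep or len(pre) < 6 or len(post) < 3:
            continue  # not a mountinfo record
        mounts.append(Mount(pre[2], _unescape(pre[4]),
                            "ro" in pre[5].split(","),
                            "ro" in post[2].split(",")))
    return mounts

def ro_scope(mounts, mount_point):
    m = [x for x in mounts if x.mount_point == mount_point][-1]  # topmost mount
    if m.super_ro:
        return "superblock"
    return "mount-only" if m.mount_ro else "rw"

def collateral(mounts, mount_point):
    """Other mount points made read-only only because the superblock is."""
    m = [x for x in mounts if x.mount_point == mount_point][-1]
    if not m.super_ro:
        return []
    return sorted(x.mount_point for x in mounts
                  if x.dev == m.dev and x is not m and not x.mount_ro)
```

On a live system the same functions can be fed the contents of /proc/self/mountinfo instead of the sample tables.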