Merge "init: fix SELinux denials on remounting from new netns" into main

        // Look up the filesystems that were mounted under /sys before we wiped

        // it and attempt to restore them.

        for (const auto& entry : mounts) {

            if (entry.mount_point.starts_with("/sys/")) {

            // Never mount /sys/kernel/debug/tracing. This is the *one* mount

            // that is special within Linux kernel: for backward compatibility

            // tracefs gets auto-mounted there whenever one mounts debugfs [1].

            //

            // Attempting to mount the filesystem here will cause SELinux

            // denials, because unlike *all other* filesystems in Android, it's

            // not init who mounted it so there's no policy that would allow it.

            //

            // [1] https://lore.kernel.org/lkml/20150204143755.694479564@goodmis.org/

            if (entry.mount_point.starts_with("/sys/") &&

                entry.mount_point != "/sys/kernel/debug/tracing") {

                if (mount(entry.blk_device.c_str(), entry.mount_point.c_str(),

                          entry.fs_type.c_str(), entry.flags, "")) {

                    LOG(WARNING) << "Could not mount(" << entry.mount_point