selinux: Migrate /var/empty to /mnt/empty. This helps avoid races during chromeos_startup and eliminates the need for /var/empty to be set immutable. BUG=chromium:933582 Change-Id: I1a540fe268ec2f49195e235a169cc3a4000301d3 Reviewed-on: https://chromium-review.googlesource.com/1508985 Commit-Ready: Allen Webb <allenwebb@google.com> Tested-by: Allen Webb <allenwebb@google.com> Reviewed-by: Mike Frysinger <vapier@chromium.org>

commit: 719459a124aafb0efda4694ddb78c0db054de228 [log] [tgz]
author: Allen Webb <allenwebb@google.com> Thu Mar 07 10:47:50 2019 -0800
committer: chrome-bot <chrome-bot@chromium.org> Thu Mar 07 15:04:13 2019 -0800
tree: 0401358ae370232fac92395dbff24357b22ce504
parent: d1cbd28d0c3b75657c50515f0d740a4ec172777b [diff]
diff --git a/selinux.md b/selinux.md
index 4dc83c7..09d4472 100644
--- a/selinux.md
+++ b/selinux.md

@@ -116,7 +116,7 @@
 Simple service startups are simply written in `<service-name>.conf` like
 
 ```
-exec /sbin/minijail0 -l --uts -i -v -e -t -P /var/empty -T static \
+exec /sbin/minijail0 -l --uts -i -v -e -t -P /mnt/empty -T static \
     -b / -b /dev,,1 -b /proc \
     -k tmpfs,/run,tmpfs,0xe -b /run/systemd/journal,,1 \
     -k tmpfs,/var,tmpfs,0xe -b /var/log,,1 -b /var/lib/timezone \
commit	719459a124aafb0efda4694ddb78c0db054de228	[log] [tgz]
author	Allen Webb <allenwebb@google.com>	Thu Mar 07 10:47:50 2019 -0800
committer	chrome-bot <chrome-bot@chromium.org>	Thu Mar 07 15:04:13 2019 -0800
tree	0401358ae370232fac92395dbff24357b22ce504
parent	d1cbd28d0c3b75657c50515f0d740a4ec172777b [diff]