[systemd-devel] [PATCH] SMACK: Add configuration options. (v3)

[Kay Sievers]

On Wed, Oct 31, 2012 at 12:30 AM, Schaufler, Casey
<casey.schaufler at intel.com> wrote:

>> Given that SMACK and SELinux have their own file systems /sys/fs/smack
>> and /sys/fs/selinux sounds like the right choice. And AppArmor uses
>> securityfs, hence /sys/kernel/security/apparmor is their root of the
>> tree.
>>
>> I hope that makes some sense?
>
> Some. If we wanted to have a convention that really works the
> underlying implementation should not be a factor. I personally
> don't care much where the smackfs filesystem gets mounted. We
> can certainly adjust userspace code to accommodate the fact
> that sometimes it's here and sometimes it's there. What I don't
> want is for it to be one place on Fedora, another on Ubuntu, a
> third on Tizen and all because each disto is holding to a
> different convention.
>
> Smack has "kernel based" as a design center. I don't believe
> in hiding behind abstractions and APIs. Programs that utilize
> Smack today often use the filesystem interfaces directly. So
> it could be a bit of a bother to change the mount point. Not
> too much, I suppose, but a bother no

I think we enter the "talking department" too much here; so to
summarize in a few words:

- systemd likes to have SMACK fully supported with the automatic fs API mounting

- systemd refuses to mount special kernel filesystems at the root of
the system, regardless of any legacy. Just put a symlink there, if
needed.

So please just decide where it should go, let us know, and we will add
all what's needed. :)

Thanks,
Kay