[systemd-devel] [PATCH] SMACK: Add configuration options. (v3)

Schaufler, Casey casey.schaufler at intel.com
Tue Oct 30 17:04:36 PDT 2012


> -----Original Message-----
> From: Kay Sievers [mailto:kay at vrfy.org]
> Sent: Tuesday, October 30, 2012 4:51 PM
> To: Schaufler, Casey
> Cc: Lennart Poettering; systemd-devel at lists.freedesktop.org
> Subject: Re: [systemd-devel] [PATCH] SMACK: Add configuration options. (v3)
> 
> On Wed, Oct 31, 2012 at 12:30 AM, Schaufler, Casey
> <casey.schaufler at intel.com> wrote:
> 
> >> Given that SMACK and SELinux have their own file systems
> >> /sys/fs/smack and /sys/fs/selinux sounds like the right choice. And
> >> AppArmor uses securityfs, hence /sys/kernel/security/apparmor is
> >> their root of the tree.
> >>
> >> I hope that makes some sense?
> >
> > Some. If we wanted to have a convention that really works the
> > underlying implementation should not be a factor. I personally don't
> > care much where the smackfs filesystem gets mounted. We can certainly
> > adjust userspace code to accommodate the fact that sometimes it's here
> > and sometimes it's there. What I don't want is for it to be one place
> > on Fedora, another on Ubuntu, a third on Tizen and all because each
> > distro is holding to a different convention.
> >
> > Smack has "kernel based" as a design center. I don't believe in hiding
> > behind abstractions and APIs. Programs that utilize Smack today often
> > use the filesystem interfaces directly. So it could be a bit of a
> > bother to change the mount point. Not too much, I suppose, but a
> > bother no
> 
> I think we enter the "talking department" too much here; so to
> summarize in a few words:
> 
> - systemd likes to have SMACK fully supported with the automatic fs API
> mounting

Yea!

> - systemd refuses to mount special kernel filesystems at the root of
> the system, regardless of any legacy. Just put a symlink there, if
> needed.

Oh bother.

> 
> So please just decide where it should go, let us know, and we will add
> all what's needed. :)

Looks like /sys/fs/smack is the pragmatic choice.

> 
> Thanks,
> Kay

It's not my most favorite method of negotiation,
but I have to admit it's effective. I will start
getting the rest of the world in line with the
new location for smackfs.

Thank you.



