[systemd-devel] systemd - move /selinux to /sys/fs/selinux - maybe remove /srv ?
Lennart Poettering
mzerqung at 0pointer.de
Fri Apr 29 16:08:41 PDT 2011
On Fri, 29.04.11 11:21, Daniel J Walsh (dwalsh at redhat.com) wrote:
> > I guess I missed some discussion of this. You'd need to update
> > libselinux at least, definition of SELINUXMNT in
> > libselinux/src/policy.h, used by selinux_init_load_policy() to mount
> > selinuxfs for initial policy load. And it may break rc scripts and
> > other scripts/programs that have become accustomed to /selinux.
> >
>
> Here is the patch I am thinking about.
>
> I think mock might need to be updated, maybe livecd tools.
>
>
> + /* We check to see if the original mount point for selinux file
> + * system has a selinuxfs. */
> + do {
> + rc = statfs("/selinux", &sfbuf);
> + } while (rc < 0 && errno == EINTR);
> + if (rc == 0) {
> + if ((uint32_t)sfbuf.f_type == (uint32_t)SELINUX_MAGIC) {
> + selinux_mnt = strdup("/selinux");
> + return;
> + }
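Review bot: the strdup("/selinux") result is stored in selinux_mnt and the function returns without checking for NULL, so an allocation failure leaves selinux_mnt NULL while the caller believes the legacy mount point was found; either test the strdup() return and fall through to the remaining lookup on NULL, or document that callers must treat a NULL selinux_mnt as "not mounted". The EINTR retry loop around statfs() and the (uint32_t) cast on f_type before comparing against SELINUX_MAGIC look correct.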
I like the patch.
One little feature request where we already are on this:
Given that there is a statfs() in here anyway, could we also maybe
extend this a tiny bit, and add a statvfs() call as well, and if
ST_RDONLY is set in .f_flag consider selinux to be off? That would be
very handy in containers/chroots and stuff like that, where you might
want to make the container assume selinux is off even though the host
has it enabled. If the container/chroot manager simply bind mounts
/selinux into the namespace read-only this would then be an effective
way to make selinux appear off to the container code.
I think using whether /selinux is read-only as a flag for selinux off is
a pretty natural nice way.
mock currently tries to work around this by placing a fake
/proc/filesystems file in the namespace, and I think that's quite
ugly. Using read-only /selinux as flag appears much nicer to me, since
it in itself already disables a number of selinux operations.
Lennart
--
Lennart Poettering - Red Hat, Inc.
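The read-only check proposed in the reply above, written out as an added example (this is not libselinux code and not the patch under discussion): the decision logic is split from the syscalls so it can be exercised with constructed statfs()/statvfs() values, the probe retries on EINTR the way the posted patch does, and the candidate list tries the new /sys/fs/selinux location before the legacy /selinux one. It assumes Linux headers (sys/vfs.h, linux/magic.h); the enum and function names are mine.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/statvfs.h>
#include <sys/vfs.h>
#ifdef __linux__
#include <linux/magic.h>
#endif

/* Fallback for older headers; this is the kernel's selinuxfs magic number. */
#ifndef SELINUX_MAGIC
#define SELINUX_MAGIC 0xf97cff8c
#endif

/* Three-way result of probing a mount point (hypothetical names). */
enum selinux_state {
    SELINUX_ABSENT,    /* not a selinuxfs, or the path could not be probed */
    SELINUX_ENABLED,   /* selinuxfs mounted read-write: treat as enabled */
    SELINUX_READONLY   /* selinuxfs mounted read-only: treat as off, per the proposal */
};

/* Pure decision logic, separated from the syscalls so it can be tested with
 * constructed values: f_type comes from statfs(), f_flag from statvfs(). */
enum selinux_state classify_selinuxfs(uint32_t f_type, unsigned long f_flag)
{
    if (f_type != (uint32_t)SELINUX_MAGIC)
        return SELINUX_ABSENT;
    if (f_flag & ST_RDONLY)
        return SELINUX_READONLY;
    return SELINUX_ENABLED;
}

/* Probe one candidate mount point, retrying on EINTR like the posted patch. */
enum selinux_state probe_selinux_mount(const char *path)
{
    struct statfs sfbuf;
    struct statvfs svbuf;
    int rc;

    do {
        rc = statfs(path, &sfbuf);
    } while (rc < 0 && errno == EINTR);
    if (rc < 0)
        return SELINUX_ABSENT;

    do {
        rc = statvfs(path, &svbuf);
    } while (rc < 0 && errno == EINTR);
    if (rc < 0)
        return SELINUX_ABSENT;

    return classify_selinuxfs((uint32_t)sfbuf.f_type, svbuf.f_flag);
}

/* Walk a NULL-terminated candidate list and report the first selinuxfs found
 * together with its read-only state. Returns NULL when none is mounted. */
const char *find_selinux_mnt(const char *const *candidates, enum selinux_state *state)
{
    for (; *candidates; candidates++) {
        enum selinux_state s = probe_selinux_mount(*candidates);
        if (s != SELINUX_ABSENT) {
            *state = s;
            return *candidates;
        }
    }
    *state = SELINUX_ABSENT;
    return NULL;
}

int main(void)
{
    /* New location first, legacy location second. */
    static const char *const candidates[] = { "/sys/fs/selinux", "/selinux", NULL };
    enum selinux_state state;
    const char *mnt = find_selinux_mnt(candidates, &state);

    if (!mnt)
        printf("no selinuxfs mounted: selinux off\n");
    else if (state == SELINUX_READONLY)
        printf("%s is read-only: treating selinux as off\n", mnt);
    else
        printf("%s is read-write: selinux enabled\n", mnt);
    return 0;
}
```

A container manager that bind-mounts the selinuxfs read-only into the namespace makes probe_selinux_mount() return SELINUX_READONLY without any fake /proc/filesystems, which is the behaviour the reply argues for.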