[systemd-devel] systemd - move /selinux to /sys/fs/selinux - maybe remove /srv ?

[Lennart Poettering]

On Fri, 29.04.11 17:46, Greg KH (greg at kroah.com) wrote:

> > > I think /srv actually makes a lot of sense. Probably not so much on the
> > > desktop, but the boundaries are blurry, and I see no reason to set
> > > things up differently in this respect between servers and desktops. I
> > > see little benefit in removing this directory.
> > > 
> > > Lennart
> > > 
> > I think moving /selinux is  a bit more complicated then just a simple
> > kernel change.  We have libselinux changes, Lots of tools have learned
> > over the years the path of /selinux and lots of users know about it.
> > 
> > I am willing to work towards the goal of moving /selinux, but I might
> > end up with a symbolic link if we can not fix all of the problems.
> 
> A symbolic link from /selinux to point at /sys/fs/selinux/ is a good
> idea to help people migrate.  The startup tools should be able to create
> this if /sys/fs/selinux/ is not present, right?

This is not necessarily easy to do actually, since for upgraded systems
/selinux needs to be an actual directory in the rootfs to be useful as
mount points. At boot time the rootfs is read-only, hence removing the
dir then and turning it into a symlink is difficult.

However, we can use the same approach as we did for moving /var/run to
/run: on new installs create it as a symlink and on upgrades simply make
it a bind mount.

For the long run we could also add %post scripts to filesystem.rpm which
moves away the old /selinux, and recreates it as symlink. Unfortunately
that cannot be done completely atomic, but that property is not really
necessary here anyway I think.

So, yeah, it isn't super-pretty doing this move, but we can handle it
more or less exactly like the /var/run → /run move.

Lennart

-- 
Lennart Poettering - Red Hat, Inc.