[systemd-devel] systemd - move /selinux to /sys/fs/selinux - maybe remove /srv ?
Kay Sievers
kay.sievers at vrfy.org
Sat Apr 30 09:44:13 PDT 2011
On Sat, Apr 30, 2011 at 02:54, Lennart Poettering <mzerqung at 0pointer.de> wrote:
> On Fri, 29.04.11 17:46, Greg KH (greg at kroah.com) wrote:
>
>> > > I think /srv actually makes a lot of sense. Probably not so much on the
>> > > desktop, but the boundaries are blurry, and I see no reason to set
>> > > things up differently in this respect between servers and desktops. I
>> > > see little benefit in removing this directory.
>> > >
>> > I think moving /selinux is a bit more complicated then just a simple
>> > kernel change. We have libselinux changes, Lots of tools have learned
>> > over the years the path of /selinux and lots of users know about it.
>> >
>> > I am willing to work towards the goal of moving /selinux, but I might
>> > end up with a symbolic link if we can not fix all of the problems.
>>
>> A symbolic link from /selinux to point at /sys/fs/selinux/ is a good
>> idea to help people migrate. The startup tools should be able to create
>> this if /sys/fs/selinux/ is not present, right?
>
> This is not necessarily easy to do actually, since for upgraded systems
> /selinux needs to be an actual directory in the rootfs to be useful as
> mount points. At boot time the rootfs is read-only, hence removing the
> dir then and turning it into a symlink is difficult.
>
> However, we can use the same approach as we did for moving /var/run to
> /run: on new installs create it as a symlink and on upgrades simply make
> it a bind mount.
>
> For the long run we could also add %post scripts to filesystem.rpm which
> moves away the old /selinux, and recreates it as symlink. Unfortunately
> that cannot be done completely atomic, but that property is not really
> necessary here anyway I think.
>
> So, yeah, it isn't super-pretty doing this move, but we can handle it
> more or less exactly like the /var/run → /run move.
Sounds all fine. I think we should get the kernel patch merged as soon
as possible. It will not harm anything if we don't use it now, and
continue to use /selinux as long as needed. But it will definitely
help solving the chicken egg problem when we are ready to do the
switch.
Kay
More information about the systemd-devel
mailing list