[systemd-devel] [PATCH] SELINUX: add /sys/fs/selinux mount point to put selinuxfs

Stephen Smalley sds at tycho.nsa.gov
Wed May 11 08:13:13 PDT 2011


On Wed, 2011-05-11 at 10:58 -0400, Eric Paris wrote:
> On Wed, May 11, 2011 at 10:54 AM, John Johansen
> <john.johansen at canonical.com> wrote:
> > On 05/11/2011 04:52 PM, Kay Sievers wrote:
> >> On Wed, May 11, 2011 at 16:43, Greg KH <greg at kroah.com> wrote:
> >>> On Wed, May 11, 2011 at 04:27:59PM +0200, Kay Sievers wrote:
> >>>> On Wed, May 11, 2011 at 15:54, Greg KH <greg at kroah.com> wrote:
> >>>>> On Wed, May 11, 2011 at 01:22:42PM +0200, John Johansen wrote:
> >>>>>> On 05/11/2011 03:59 AM, Greg KH wrote:
> >>>>>>> On Tue, May 10, 2011 at 03:55:24PM -0700, Casey Schaufler wrote:
> >>>>>>>> On 5/10/2011 3:34 PM, Greg KH wrote:
> >>>>>>>>> From: Greg Kroah-Hartman <gregkh at suse.de>
> >>>>>>>>>
> >>>>>>>>> In the interest of keeping userspace from having to create new root
> >>>>>>>>> filesystems all the time, let's follow the lead of the other in-kernel
> >>>>>>>>> filesystems and provide a proper mount point for it in sysfs.
> >>>>>>>>>
> >>>>>>>>> For selinuxfs, this mount point should be in /sys/fs/selinux/
> >>>>>>>>
> >>>>>>>> It seems that we might want this to be an LSM interface standard.
> >>>>>>>> Is the call to kobject_create_and_add and associated cleanup all
> >>>>>>>> that's required? I would want Smack to follow the convention as
> >>>>>>>> well.
> >>>>>>>
> >>>>>>> You could always just create a subdir under /sys/security/ if you have
> >>>>>>> your own filesystem, but I don't think that Smack has one, right?
> >>>>>>>
> >>>>>>> Is it going to get one?  If so, we might want to revisit the idea of
> >>>>>>> securityfs if no one is actually using it...
> >>>>>>>
> >>>>>> resending, as this looks to have been lost
> >>>>>>
> >>>>>> AppArmor, IMA, and TOMOYO are using securityfs currently.
> >>>>>
> >>>>> Great, then it will not go anywhere.
> >>>>
> >>>> Just to get an idea how all this fits together. How can TPM bios and
> >>>> IMA/AppArmor share this directory? They have their own subdirs in
> >>>> there, or both just use the securityfs infrastructure and not their
> >>>> own filesystem on top?
> >>>
> >>> Only one security module is allowed to be loaded/active at any one point
> >>> in time, so they can't step on each other.
> >>
> >> Right, but what I don't understand is CONFIG_TCG_TPM, which seem to
> >> use securityfs, and is not a LSM. This and AppArmor/IMA can be used at
> >> the same time, can't it? They share securityfs then?
> >>
> > AppArmor, Tomoyo and IMA all create their own subdirectoy under securityfs
> > so this should not be a problem
> 
> I guess the question is, should SELinux try to move to /sys/fs/selinux
> or /sys/security/selinux.  The only minor issue I see with the later
> is that it requires both sysfs and securityfs to be mounted before you
> can mount selinuxfs, whereas the first only requires sysfs.  Stephen,
> Casey, either of you have thoughts on the matter?

Unless we plan to re-implement selinuxfs as securityfs nodes, I don't
see why we'd move to /sys/security/selinux; we don't presently depend on
securityfs and it isn't commonly mounted today.  selinuxfs has some
specialized functionality that may not be trivial to reimplement via
securityfs, and there was concern about userspace compatibility breakage
when last we considered using securityfs.

-- 
Stephen Smalley
National Security Agency



More information about the systemd-devel mailing list