[systemd-devel] [PATCH] SELINUX: add /sys/fs/selinux mount point to put selinuxfs
Greg KH
greg at kroah.com
Wed May 11 09:15:00 PDT 2011
On Wed, May 11, 2011 at 11:50:57AM -0400, Eric Paris wrote:
> On Wed, May 11, 2011 at 11:13 AM, Stephen Smalley <sds at tycho.nsa.gov> wrote:
> > On Wed, 2011-05-11 at 10:58 -0400, Eric Paris wrote:
> >> On Wed, May 11, 2011 at 10:54 AM, John Johansen
>
> >> > AppArmor, Tomoyo and IMA all create their own subdirectory under securityfs
> >> > so this should not be a problem
> >>
> >> I guess the question is, should SELinux try to move to /sys/fs/selinux
> >> or /sys/security/selinux. The only minor issue I see with the latter
> >> is that it requires both sysfs and securityfs to be mounted before you
> >> can mount selinuxfs, whereas the first only requires sysfs. Stephen,
> >> Casey, either of you have thoughts on the matter?
> >
> > Unless we plan to re-implement selinuxfs as securityfs nodes, I don't
> > see why we'd move to /sys/security/selinux; we don't presently depend on
> > securityfs and it isn't commonly mounted today. selinuxfs has some
> > specialized functionality that may not be trivial to reimplement via
> > securityfs, and there was concern about userspace compatibility breakage
> > when last we considered using securityfs.
>
> The reason we would move to /sys/security/ instead of /sys/fs/ is
> because other LSMs are already there and it would look consistent.
> Obviously where selinuxfs gets mounted is determined by userspace and
> is going to require a tools change. The tools could mount securityfs
> if it wasn't mounted. Obviously it would mean SELinux would have to
> select securityfs even though we didn't use it....
>
> I'm up for either location, but I'm leaning towards /sys/security/
> instead of /sys/fs if we know that's where other LSMs are going to
> live...

Due to the history of selinuxfs, I say just move it to /sys/fs/selinux
and leave /sys/security alone please.

thanks,

greg k-h