[systemd-devel] [PATCH] SELINUX: add /sys/fs/selinux mount point to put selinuxfs
Serge Hallyn
serge.hallyn at canonical.com
Wed May 11 09:17:41 PDT 2011
Quoting Eric Paris (eparis at parisplace.org):
> On Wed, May 11, 2011 at 11:13 AM, Stephen Smalley <sds at tycho.nsa.gov> wrote:
> > On Wed, 2011-05-11 at 10:58 -0400, Eric Paris wrote:
> >> On Wed, May 11, 2011 at 10:54 AM, John Johansen
>
> >> > AppArmor, Tomoyo and IMA all create their own subdirectory under securityfs
> >> > so this should not be a problem
> >>
> >> I guess the question is, should SELinux try to move to /sys/fs/selinux
> >> or /sys/security/selinux. The only minor issue I see with the latter
> >> is that it requires both sysfs and securityfs to be mounted before you
> >> can mount selinuxfs, whereas the first only requires sysfs. Stephen,
> >> Casey, either of you have thoughts on the matter?
> >
> > Unless we plan to re-implement selinuxfs as securityfs nodes, I don't
> > see why we'd move to /sys/security/selinux; we don't presently depend on
> > securityfs and it isn't commonly mounted today. selinuxfs has some
> > specialized functionality that may not be trivial to reimplement via
> > securityfs, and there was concern about userspace compatibility breakage
> > when last we considered using securityfs.
>
> The reason we would move to /sys/security/ instead of /sys/fs/ is
> because other LSMs are already there and it would look consistent.

Actually I think it'd be deceptive precisely because (aiui) /sys/security
is for securityfs, while /sys/fs is for virtual filesystems.

I suppose we could whip this issue by having /sys/security be under
/sys/fs/security :) Too late for that too.

-serge