[systemd-devel] [PATCH] SELINUX: add /sys/fs/selinux mount point to put selinuxfs
John Johansen
john.johansen at canonical.com
Wed May 11 13:19:48 PDT 2011
On 05/11/2011 09:56 PM, Greg KH wrote:
> On Wed, May 11, 2011 at 10:14:40AM -0700, Casey Schaufler wrote:
>> I would prefer /sys/security for all LSMs, but if SELinux goes with /sys/fs
>> Smack will likely follow on the theory that mirroring the current dominant
>> LSM is more likely to please the masses than doing what the greatest number
>> of LSMs are doing.
>
> Is smack going to create its own filesystem like selinux has, or is it
> going to use securityfs? If securityfs, then stick with what you have.
> If you are going to create a new one, I'd be glad to work with you to
> add anything you might need to securityfs first, but if that doesn't
> work out, then yes, you could use /sys/fs/ for your new one.
>
I would rather see the lsm's using the same infrastructure as much as
possible. Extending securityfs seems to me the way to go, I know we are
working on extending the apparmor interface and have been considering
transactional files (one of the features selinuxfs is using) as a possible
interface.
More information about the systemd-devel
mailing list