[systemd-devel] [PATCH] SELINUX: add /sys/fs/selinux mount point to put selinuxfs

Mimi Zohar zohar at linux.vnet.ibm.com
Wed May 11 13:36:55 PDT 2011


On Wed, 2011-05-11 at 16:14 -0400, Eric Paris wrote:
> On Wed, May 11, 2011 at 3:56 PM, Greg KH <greg at kroah.com> wrote:
> > On Wed, May 11, 2011 at 10:14:40AM -0700, Casey Schaufler wrote:
> >> I would prefer /sys/security for all LSMs, but if SELinux goes with /sys/fs
> >> Smack will likely follow on the theory that mirroring the current dominant
> >> LSM is more likely to please the masses than doing what the greatest number
> >> of LSMs are doing.
> >
> > Is smack going to create its own filesystem like selinux has, or is it
> > going to use securityfs?  If securityfs, then stick with what you have.
> > If you are going to create a new one, I'd be glad to work with you to
> > add anything you might need to securityfs first, but if that doesn't
> > work out, then yes, you could use /sys/fs/ for your new one.
> 
> Pretty sure we already have a security/smack/smackfs.c .....

I must be missing something here. If you're already having to change
userspace for SELinux, then why is using /sys/fs/selinux any better
than /sys/kernel/security/fs/selinux | smack?  The other securityfs
users could continue to use /sys/kernel/security/TPM | IMA | APPARMOR
|....

thanks,

Mimi


