[systemd-devel] [PATCH] SELINUX: add /sys/fs/selinux mountpoint to put selinuxfs

Tetsuo Handa penguin-kernel at I-love.SAKURA.ne.jp
Wed May 11 15:14:29 PDT 2011


Mimi Zohar wrote:
> Just clarifying for the record that securityfs has typically been
> mounted as /sys/kernel/security, not directly as /sys/security. So it
> would be /sys/kernel/security/selinux that you're discussing.

Mounting securityfs on /sys/kernel/security/ is a bit tricky.
/sys/ likely exists in all distros using 2.6 kernels.

However, openSuSE has a /sys/kernel/debug/ directory on the / partition (i.e.
/sys/kernel/ exists even if sysfs is not yet mounted). Userland tools that
assume that sysfs is already mounted on /sys/ if /sys/kernel/ exists will fail.

Also, userland tools have to mount /sys/ on sysfs if it is not yet mounted
(e.g. when /sbin/init starts) before mounting securityfs on
/sys/kernel/security/ . Also, userland tools which were executed when /sbin/init
starts have to unmount /sys/ and /sys/kernel/security/ before continuing the boot
procedure, or some distributions fail to boot when mounting /sys/ (which is
listed in /etc/fstab) if /sys/ was already mounted.

Personally, /proc/security/$modulename/ would reduce dependency and make
things simpler.
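
The following is an added example, not part of the original message or of any project discussed in it: a shell sketch that decides whether sysfs and securityfs are mounted by reading the mount table instead of testing whether /sys/kernel/ exists. The function names `is_mounted` and `mounts_needed` are hypothetical, the mount tables are constructed samples, and on a live system it assumes /proc is already mounted so that /proc/mounts can be piped in.

```shell
#!/bin/sh
# Constructed sample: early boot, where /sys/kernel/debug/ may exist as a
# plain directory on the root partition but sysfs is not mounted.
EARLY_BOOT='rootfs / rootfs rw 0 0
/dev/sda1 / ext3 rw 0 0
proc /proc proc rw 0 0'

# Constructed sample: sysfs mounted, securityfs not yet mounted.
SYSFS_ONLY="$EARLY_BOOT
sysfs /sys sysfs rw 0 0"

# Constructed sample: both filesystems mounted.
LATE_BOOT="$SYSFS_ONLY
securityfs /sys/kernel/security securityfs rw 0 0"

# is_mounted FSTYPE MOUNTPOINT  (mount table in /proc/mounts format on stdin)
# Succeeds only if the last entry for MOUNTPOINT has type FSTYPE.
is_mounted() {
    fstype=$1
    mnt=${2%/}                  # tolerate a trailing slash
    [ -n "$mnt" ] || mnt=/
    found=1
    while read -r _dev dir type _rest; do
        [ "$dir" = "$mnt" ] || continue
        # A later entry on the same mount point shadows earlier ones.
        if [ "$type" = "$fstype" ]; then found=0; else found=1; fi
    done
    return "$found"
}

# mounts_needed  (mount table on stdin)
# Prints the filesystems the caller must mount itself, in mount order.
# The same list tells the caller what it has to unmount again, in reverse
# order, before the boot procedure continues.
mounts_needed() {
    table=$(cat)
    need=""
    printf '%s\n' "$table" | is_mounted sysfs /sys || need="sysfs"
    printf '%s\n' "$table" | is_mounted securityfs /sys/kernel/security ||
        need="${need:+$need }securityfs"
    printf '%s\n' "$need"
}
```

On a running system the call would be `mounts_needed < /proc/mounts`; an empty result means nothing has to be mounted or later unmounted by the tool.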

