[systemd-devel] [PATCH] SMACK: Add configuration options. (v3)

Kay Sievers kay at vrfy.org
Tue Oct 30 16:12:36 PDT 2012


On Wed, Oct 31, 2012 at 12:04 AM, Schaufler, Casey
<casey.schaufler at intel.com> wrote:

> I have been advocating standardization of LSM interfaces
> for some time. The apparmor folks put theirs at
> /sys/kernel/security/apparmor. I would hardly say that
> /sys/fs/smack would be better than /sys/kernel/security/smack.
> I plan to move it when there's a consensus of where LSM
> filesystems should go, or when there's a compelling reason
> to go someplace in particular. I'm afraid that "SELinux does
> it this way" is not an argument *by itself* that goes very
> far with the Smack project.

/sys/kernel/security/ is its own filesystem already.

The apparmor stuff uses securityfs functionality itself, or just
mounts its independent fs below securityfs (which provides an empty
dir for it then)?

I would say, if SMACK plans to use securityfs functionality in the
future, it should go below there, if not, it should just use where the
other kernel fss go.

I think, at least a while ago, securityfs was optional and not
required for lsm stuff in the kernel config, so it might not always be
there. If that's still the case, it's something to keep in mind.

Kay

