On Wed, May 11, 2011 at 04:27:59PM +0200, Kay Sievers wrote: > On Wed, May 11, 2011 at 15:54, Greg KH <g...@kroah.com> wrote: > > On Wed, May 11, 2011 at 01:22:42PM +0200, John Johansen wrote: > >> On 05/11/2011 03:59 AM, Greg KH wrote: > >> > On Tue, May 10, 2011 at 03:55:24PM -0700, Casey Schaufler wrote: > >> >> On 5/10/2011 3:34 PM, Greg KH wrote: > >> >>> From: Greg Kroah-Hartman <gre...@suse.de> > >> >>> > >> >>> In the interest of keeping userspace from having to create new root > >> >>> filesystems all the time, let's follow the lead of the other in-kernel > >> >>> filesystems and provide a proper mount point for it in sysfs. > >> >>> > >> >>> For selinuxfs, this mount point should be in /sys/fs/selinux/ > >> >> > >> >> It seems that we might want this to be an LSM interface standard. > >> >> Is the call to kobject_create_and_add and associated cleanup all > >> >> that's required? I would want Smack to follow the convention as > >> >> well. > >> > > >> > You could always just create a subdir under /sys/security/ if you have > >> > your own filesystem, but I don't think that Smack has one, right? > >> > > >> > Is it going to get one? If so, we might want to revisit the idea of > >> > securityfs if no one is actually using it... > >> > > >> resending, as this looks to have been lost > >> > >> AppArmor, IMA, and TOMOYO are using securityfs currently. > > > > Great, then it will not go anywhere. > > Just to get an idea how all this fits together. How can TPM bios and > IMA/AppArmor share this directory? They have their own subdirs in > there, or both just use the securityfs infrastructure and not their > own filesystem on top?
Only one security module is allowed to be loaded/active at any one point in time, so they can't step on each other. thanks, greg k-h _______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
