On Wed, May 11, 2011 at 11:50:57AM -0400, Eric Paris wrote: > On Wed, May 11, 2011 at 11:13 AM, Stephen Smalley <s...@tycho.nsa.gov> wrote: > > On Wed, 2011-05-11 at 10:58 -0400, Eric Paris wrote: > >> On Wed, May 11, 2011 at 10:54 AM, John Johansen > > >> > AppArmor, Tomoyo and IMA all create their own subdirectoy under > >> > securityfs > >> > so this should not be a problem > >> > >> I guess the question is, should SELinux try to move to /sys/fs/selinux > >> or /sys/security/selinux. The only minor issue I see with the later > >> is that it requires both sysfs and securityfs to be mounted before you > >> can mount selinuxfs, whereas the first only requires sysfs. Stephen, > >> Casey, either of you have thoughts on the matter? > > > > Unless we plan to re-implement selinuxfs as securityfs nodes, I don't > > see why we'd move to /sys/security/selinux; we don't presently depend on > > securityfs and it isn't commonly mounted today. selinuxfs has some > > specialized functionality that may not be trivial to reimplement via > > securityfs, and there was concern about userspace compatibility breakage > > when last we considered using securityfs. > > The reason we would move to /sys/security/ instead of /sys/fs/ is > because other LSMs are already there and it would look consistent. > Obviously where selinuxfs gets mounted it determined by userspace and > is going to require a tools change. The tools could mount securityfs > if it wasn't mounted. Obviously it would mean SELinux would have to > select securityfs even though we didn't use it.... > > I'm up for either location, but I'm leaning towards /sys/security/ > instead of /sys/fs if we know that's where other LSMs are going to > live...
Due to the history of selinuxfs, I say just move it to /sys/fs/selinux and leave /sys/security alone please. thanks, greg k-h _______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
