Quoting Eric Paris (epa...@parisplace.org): > On Wed, May 11, 2011 at 11:13 AM, Stephen Smalley <s...@tycho.nsa.gov> wrote: > > On Wed, 2011-05-11 at 10:58 -0400, Eric Paris wrote: > >> On Wed, May 11, 2011 at 10:54 AM, John Johansen > > >> > AppArmor, Tomoyo and IMA all create their own subdirectoy under > >> > securityfs > >> > so this should not be a problem > >> > >> I guess the question is, should SELinux try to move to /sys/fs/selinux > >> or /sys/security/selinux. The only minor issue I see with the later > >> is that it requires both sysfs and securityfs to be mounted before you > >> can mount selinuxfs, whereas the first only requires sysfs. Stephen, > >> Casey, either of you have thoughts on the matter? > > > > Unless we plan to re-implement selinuxfs as securityfs nodes, I don't > > see why we'd move to /sys/security/selinux; we don't presently depend on > > securityfs and it isn't commonly mounted today. selinuxfs has some > > specialized functionality that may not be trivial to reimplement via > > securityfs, and there was concern about userspace compatibility breakage > > when last we considered using securityfs. > > The reason we would move to /sys/security/ instead of /sys/fs/ is > because other LSMs are already there and it would look consistent.
Actually I think it'd be deceptive precisely because (aiui) /sys/security is for securityfs, while /sys/fs is for virtual filesystems. I suppose we could whip this issue by having /sys/security be under /sys/fs/security :) Too late for that too. -serge _______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
