Mimi Zohar wrote: > Just clarifying for the record that securityfs has typically been > mounted as /sys/kernel/security, not directly as /sys/security. So it > would be /sys/kernel/security/selinux that you're discussing.
Mounting securityfs on /sys/kernel/security/ is a bit tricky. /sys/ likely exists in all distros using 2.6 kernels. However, openSuSE has /sys/kernel/debug/ directory on the / partition (i.e. /sys/kernel/ exists even if sysfs is not yet mounted). Userland tools that assume that sysfs is already mounted on /sys/ if /sys/kernel/ exists will fail. Also, userland tools have to mount /sys/ on sysfs if it is not yet mounted (e.g. as of /sbin/init starts) before mounting securityfs on /sys/kernel/security/ . Also userland tools which was executed as of /sbin/init starts have to unmount /sys/ and /sys/kernel/security/ before continuing boot procedure, or some distributions fails to boot at mounting /sys/ (which is listed on /etc/fstab) if /sys/ was already mounted. Personally, /proc/security/$modulename/ would reduce dependency and make things simpler. _______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
