Dear all,

do you think it would make sense to remove the FHS exception for the /selinux directory in the next version of the Policy?

See the attached patch.

Have a nice day,

-- 
Charles Plessy, Tsurumi, Kanagawa, Japan

On Wed, May 08, 2013 at 09:28:57AM +0900, Charles Plessy wrote:
> Package: debian-policy
> Severity: wishlist
>
> Dear all,
>
> in light of the message below, maybe the exception to the FHS for
> <file>/selinux</file> can be removed from the Policy in the future?
>
> Cheers
>
> -- Charles
>
> ----- Forwarded message from Laurent Bigonville <bi...@debian.org> -----
>
> Date: Tue, 7 May 2013 16:51:41 +0200
> From: Laurent Bigonville <bi...@debian.org>
> To: debian-de...@lists.debian.org
> Cc: selinux-de...@lists.alioth.debian.org
> Subject: Removal of the /selinux directory
> Message-ID: <20130507165141.1bbec...@soldur.bigon.be>
> X-Mailer: Claws Mail 3.8.1 (GTK+ 2.24.10; x86_64-pc-linux-gnu)
>
> Hello,
>
> I'm planning to upload a new version of libselinux in unstable
> soon. This new version is dropping the /selinux directory that was used
> in the past as the selinuxfs mountpoint.
>
> Since Wheezy, the library is mounting selinuxfs under /sys/fs/selinux,
> and falling back to /selinux if the former is not available during
> early boot.
>
> All the selinux userspace tools and libraries should already be aware of
> this change. If you have packages that directly mount or manipulate
> the selinuxfs, you should probably check that they use the correct paths
> (i.e. piupart, bug #682068).
>
> I'm intentionally not forcing the migration to the new mountpoint nor
> forcing the deletion of the directory on upgrade as, in my mind, if a
> Wheezy machine is still using the old mountpoint that might be for
> perfectly valid reasons and the package shouldn't touch it.
> A discussion has already been initiated on the bug report, see: #658070.
>
> Any remark on this?
>
> Cheers
>
> Laurent Bigonville
>
> ----- End forwarded message -----
>From 34425d568113c741aa9f290069c6450d908f954c Mon Sep 17 00:00:00 2001 From: Charles Plessy <ple...@debian.org> Date: Mon, 16 Sep 2013 11:43:02 +0900 Subject: [PATCH] Policy: Remove the exception to the FHS for the /selinux directory. Wording: Charles Plessy <ple...@debian.org> Closes: #707183 --- policy.sgml | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/policy.sgml b/policy.sgml index 2708242..90ae9fe 100644 --- a/policy.sgml +++ b/policy.sgml @@ -7021,15 +7021,14 @@ Built-Using: grub2 (= 1.99-9), loadlin (= 1.6e-1) stable release of Debian supports <file>/run</file>. </p> </item> - <item> - <p> - The following directories in the root filesystem are - additionally allowed: <file>/sys</file> and - <file>/selinux</file>. <footnote>These directories - are used as mount points to mount virtual filesystems - to get access to kernel information.</footnote> - </p> - </item> + <item> + <p> + The <file>/sys</file> in the root filesystem is additionally + allowed. <footnote>This directory is used as mount point to + mount virtual filesystems to get access to kernel + information.</footnote> + </p> + </item> <item> <p> On GNU/Hurd systems, the following additional -- 1.8.4.rc3
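Review bot: In the added <item>, "The <file>/sys</file> in the root filesystem is additionally allowed" is missing its noun; suggest "The <file>/sys</file> directory in the root filesystem is additionally allowed." The footnote was only partly converted to the singular: "This directory is used as mount point to mount virtual filesystems" still carries the plural from the two-directory wording and lacks an article, so something like "used as a mount point for a virtual filesystem giving access to kernel information" would read better. The forwarded message also says an existing /selinux is deliberately not deleted on upgrade, so the commit message or the footnote should say whether the tightened rule only concerns what packages ship or also such leftover directories.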
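For packages that, as the forwarded message puts it, "directly mount or manipulate the selinuxfs", here is one way to look up the mount point instead of hard-coding /selinux. This is an added example, not code from libselinux or from any poster in this thread; the function names are hypothetical, and preferring /sys/fs/selinux when both paths are mounted is an assumption.

```shell
#!/bin/sh
# Added example: resolve where selinuxfs is mounted from a mounts table
# (format of /proc/mounts: device mountpoint fstype options dump pass).
# Function names are hypothetical, not part of any SELinux tool.

# Print the selinuxfs mount point; exit 1 if not mounted, 2 if unreadable.
selinuxfs_mountpoint() {
    mounts_file="${1:-/proc/mounts}"
    [ -r "$mounts_file" ] || return 2
    awk '
        $3 == "selinuxfs" {
            # Assumption: prefer the post-Wheezy location if both exist.
            if ($2 == "/sys/fs/selinux") preferred = $2
            else if (other == "") other = $2
        }
        END {
            if (preferred != "") print preferred
            else if (other != "") print other
            else exit 1
        }
    ' "$mounts_file"
}

# Classify the result so a maintainer script or test can act on it.
selinuxfs_status() {
    mp=$(selinuxfs_mountpoint "$1") || { echo "not-mounted"; return 0; }
    case "$mp" in
        /sys/fs/selinux) echo "current $mp" ;;
        /selinux)        echo "legacy $mp" ;;
        *)               echo "nonstandard $mp" ;;
    esac
}

# Constructed sample of a machine still using the old mount point
# (not taken from a real system).
sample=$(mktemp)
printf '%s\n' 'sysfs /sys sysfs rw,nosuid 0 0' \
              'none /selinux selinuxfs rw,relatime 0 0' > "$sample"
selinuxfs_status "$sample"
rm -f "$sample"
```

Called without an argument, both functions read /proc/mounts on the running system.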