On Mon, Sep 16, 2013 at 11:45:48AM +0900, Charles Plessy wrote: > Dear all,
> do you think it would make sense to remove the FHS exception for the /selinux > directory in the next version of the Policy ? > See the attached patch. Seconded. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developer http://www.debian.org/ slanga...@ubuntu.com vor...@debian.org > -- Charles Plessy, Tsurumi, Kanagawa, Japan > > Le Wed, May 08, 2013 at 09:28:57AM +0900, Charles Plessy a écrit : > > Package: debian-policy > > Severity: wishlist > > > > Dear all, > > > > in light of the message below, maybe the exception to the FHS for > > <file>/selinux</file> can be removed from the Policy in the future ? > > > > Cheers > > > > -- Charles > > > > ----- Forwarded message from Laurent Bigonville <bi...@debian.org> ----- > > > > Date: Tue, 7 May 2013 16:51:41 +0200 > > From: Laurent Bigonville <bi...@debian.org> > > To: debian-de...@lists.debian.org > > Cc: selinux-de...@lists.alioth.debian.org > > Subject: Removal of the /selinux directory > > Message-ID: <20130507165141.1bbec...@soldur.bigon.be> > > X-Mailer: Claws Mail 3.8.1 (GTK+ 2.24.10; x86_64-pc-linux-gnu) > > > > Hello, > > > > I'm planning to upload a new version of libselinux in unstable > > soon. This new version is dropping the /selinux directory that was used > > in the past as the selinuxfs mountpoint. > > > > Since Wheezy, the library is mounting selinuxfs under /sys/fs/selinux, > > and falling back to /selinux if the former is not available during > > early boot. > > > > All the selinux userspace tools and libraries should already be aware of > > this change. If you have packages that directly mount or manipulate > > the selinuxfs, you should probably check that it use the correct paths > > (ie. piupart, bug #682068). > > > > I'm intentionally not forcing the migration to the new mountpoint nor > > forcing the deletion of the directory on upgrade as, in my mind, if a > > Wheezy machine is still using the old mountpoint that might be for > > perfectly valid reasons and the package shouldn't touch it. > > A discussion has already been initiated on the bug report, see: #658070. > > > > Any remark on this? > > > > Cheers > > > > Laurent Bigonville > > > > > > > > ----- End forwarded message ----- > >From 34425d568113c741aa9f290069c6450d908f954c Mon Sep 17 00:00:00 2001 > From: Charles Plessy <ple...@debian.org> > Date: Mon, 16 Sep 2013 11:43:02 +0900 > Subject: [PATCH] Policy: Remove the exception to the FHS for the /selinux > directory. > > Wording: Charles Plessy <ple...@debian.org> > Closes: #707183 > --- > policy.sgml | 17 ++++++++--------- > 1 file changed, 8 insertions(+), 9 deletions(-) > > diff --git a/policy.sgml b/policy.sgml > index 2708242..90ae9fe 100644 > --- a/policy.sgml > +++ b/policy.sgml > @@ -7021,15 +7021,14 @@ Built-Using: grub2 (= 1.99-9), loadlin (= 1.6e-1) > stable release of Debian supports <file>/run</file>. > </p> > </item> > - <item> > - <p> > - The following directories in the root filesystem are > - additionally allowed: <file>/sys</file> and > - <file>/selinux</file>. <footnote>These directories > - are used as mount points to mount virtual filesystems > - to get access to kernel information.</footnote> > - </p> > - </item> > + <item> > + <p> > + The <file>/sys</file> in the root filesystem is additionally > + allowed. <footnote>This directory is used as mount point to > + mount virtual filesystems to get access to kernel > + information.</footnote> > + </p> > + </item> > <item> > <p> > On GNU/Hurd systems, the following additional > -- > 1.8.4.rc3 >
signature.asc
Description: Digital signature
