
Bug#707183: debian-policy: Removal of the FHS exception for the /selinux directory


Charles Plessy

May 7, 2013, 8:40:01 PM
Package: debian-policy
Severity: wishlist

Dear all,

in light of the message below, maybe the exception to the FHS for
<file>/selinux</file> can be removed from the Policy in the future ?

Cheers

-- Charles

----- Forwarded message from Laurent Bigonville <bi...@debian.org> -----

Date: Tue, 7 May 2013 16:51:41 +0200
From: Laurent Bigonville <bi...@debian.org>
To: debian...@lists.debian.org
Cc: selinu...@lists.alioth.debian.org
Subject: Removal of the /selinux directory
Message-ID: <20130507165...@soldur.bigon.be>
X-Mailer: Claws Mail 3.8.1 (GTK+ 2.24.10; x86_64-pc-linux-gnu)

Hello,

I'm planning to upload a new version of libselinux in unstable
soon. This new version is dropping the /selinux directory that was used
in the past as the selinuxfs mountpoint.

Since Wheezy, the library is mounting selinuxfs under /sys/fs/selinux,
and falling back to /selinux if the former is not available during
early boot.

All the selinux userspace tools and libraries should already be aware of
this change. If you have packages that directly mount or manipulate
the selinuxfs, you should probably check that they use the correct paths
(i.e. piupart, bug #682068).

I'm intentionally not forcing the migration to the new mountpoint nor
forcing the deletion of the directory on upgrade as, in my mind, if a
Wheezy machine is still using the old mountpoint that might be for
perfectly valid reasons and the package shouldn't touch it.
A discussion has already been initiated on the bug report, see: #658070.

Any remark on this?

Cheers

Laurent Bigonville



----- End forwarded message -----
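
For packages that mount or manipulate selinuxfs directly, one way to avoid hardcoding either path is to read the mount table. The following is an added example, not part of the original thread and not libselinux code; the function names and the sample mount tables are constructed for illustration.

```shell
#!/bin/sh
# Added example: find where selinuxfs is mounted instead of assuming /selinux.
# selinuxfs_mountpoint and selinuxfs_layout are hypothetical helper names.

# Print the selinuxfs mount point found in a mounts table.
# $1 is a file in /proc/mounts format (default /proc/mounts, "-" for stdin).
# /sys/fs/selinux wins if several entries exist; returns 1 if none is mounted.
selinuxfs_mountpoint() {
    awk '$3 == "selinuxfs" {
             if ($2 == "/sys/fs/selinux") { best = $2; exit }  # preferred location
             if (best == "") best = $2                         # keep first other hit
         }
         END { if (best == "") exit 1; print best }' "${1:-/proc/mounts}"
}

# Classify the layout so a script can decide which path to use:
#   current   -> /sys/fs/selinux (default since Wheezy)
#   legacy    -> /selinux (old mount point, still a valid fallback)
#   other:DIR -> mounted somewhere else
#   unmounted -> no selinuxfs entry at all
selinuxfs_layout() {
    mp=$(selinuxfs_mountpoint "$1") || { echo unmounted; return 0; }
    case "$mp" in
        /sys/fs/selinux) echo current ;;
        /selinux)        echo legacy ;;
        *)               echo "other:$mp" ;;
    esac
}

# Constructed sample mount tables (not captured from a real system).
sample_current='sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
selinuxfs /sys/fs/selinux selinuxfs rw,relatime 0 0'
sample_legacy='proc /proc proc rw,relatime 0 0
selinuxfs /selinux selinuxfs rw,relatime 0 0'

# Demo on the constructed samples.
printf '%s\n' "$sample_current" | selinuxfs_layout -
printf '%s\n' "$sample_legacy"  | selinuxfs_layout -
```

Called with no argument, both functions read the live `/proc/mounts`.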



Charles Plessy

Sep 15, 2013, 10:50:01 PM
Dear all,

do you think it would make sense to remove the FHS exception for the /selinux
directory in the next version of the Policy ?

See the attached patch.

Have a nice day,

-- Charles Plessy, Tsurumi, Kanagawa, Japan

On Wed, May 08, 2013 at 09:28:57AM +0900, Charles Plessy wrote:
0001-Policy-Remove-the-exception-to-the-FHS-for-the-selin.patch

Steve Langasek

Sep 16, 2013, 12:20:01 AM
On Mon, Sep 16, 2013 at 11:45:48AM +0900, Charles Plessy wrote:
> Dear all,

> do you think it would make sense to remove the FHS exception for the /selinux
> directory in the next version of the Policy ?

> See the attached patch.

Seconded.

--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/
slan...@ubuntu.com vor...@debian.org

> -- Charles Plessy, Tsurumi, Kanagawa, Japan
>
> >From 34425d568113c741aa9f290069c6450d908f954c Mon Sep 17 00:00:00 2001
> From: Charles Plessy <ple...@debian.org>
> Date: Mon, 16 Sep 2013 11:43:02 +0900
> Subject: [PATCH] Policy: Remove the exception to the FHS for the /selinux
> directory.
>
> Wording: Charles Plessy <ple...@debian.org>
> Closes: #707183
> ---
> policy.sgml | 17 ++++++++---------
> 1 file changed, 8 insertions(+), 9 deletions(-)
>
> diff --git a/policy.sgml b/policy.sgml
> index 2708242..90ae9fe 100644
> --- a/policy.sgml
> +++ b/policy.sgml
> @@ -7021,15 +7021,14 @@ Built-Using: grub2 (= 1.99-9), loadlin (= 1.6e-1)
> stable release of Debian supports <file>/run</file>.
> </p>
> </item>
> - <item>
> - <p>
> - The following directories in the root filesystem are
> - additionally allowed: <file>/sys</file> and
> - <file>/selinux</file>. <footnote>These directories
> - are used as mount points to mount virtual filesystems
> - to get access to kernel information.</footnote>
> - </p>
> - </item>
> + <item>
> + <p>
> + The <file>/sys</file> in the root filesystem is additionally
> + allowed. <footnote>This directory is used as mount point to
> + mount virtual filesystems to get access to kernel
> + information.</footnote>
> + </p>
> + </item>
> <item>
> <p>
> On GNU/Hurd systems, the following additional
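
Review bot: in the added footnote, "used as mount point to mount virtual filesystems" keeps the plural from the old two-directory wording; with only /sys left it would read better as "used as a mount point for a virtual filesystem". Separately, the `<item>`, `<p>`, `</p>` and `</item>` lines are removed and re-added with the same visible content, which suggests a whitespace-only change; keeping the original indentation would shrink the hunk to the lines whose wording actually changes.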
> --
> 1.8.4.rc3
>


Julien Cristau

Sep 16, 2013, 4:40:02 AM
On Mon, Sep 16, 2013 at 11:45:48 +0900, Charles Plessy wrote:

> diff --git a/policy.sgml b/policy.sgml
> index 2708242..90ae9fe 100644
> --- a/policy.sgml
> +++ b/policy.sgml
> @@ -7021,15 +7021,14 @@ Built-Using: grub2 (= 1.99-9), loadlin (= 1.6e-1)
> stable release of Debian supports <file>/run</file>.
> </p>
> </item>
> - <item>
> - <p>
> - The following directories in the root filesystem are
> - additionally allowed: <file>/sys</file> and
> - <file>/selinux</file>. <footnote>These directories
> - are used as mount points to mount virtual filesystems
> - to get access to kernel information.</footnote>
> - </p>
> - </item>
> + <item>
> + <p>
> + The <file>/sys</file> in the root filesystem is additionally

missing 'directory'

> + allowed. <footnote>This directory is used as mount point to
> + mount virtual filesystems to get access to kernel
> + information.</footnote>
> + </p>
> + </item>
> <item>
> <p>
> On GNU/Hurd systems, the following additional

With that fix, seconded.

Cheers,
Julien

Charles Plessy

Sep 18, 2013, 8:00:02 PM
user debian...@packages.debian.org
usertags 707183 normative
tag 707183 pending
thanks

> On Mon, Sep 16, 2013 at 11:45:48AM +0900, Charles Plessy wrote:
>
> > do you think it would make sense to remove the FHS exception for the /selinux
> > directory in the next version of the Policy ?
>
> > See the attached patch.

On Sun, Sep 15, 2013 at 09:13:13PM -0700, Steve Langasek wrote:
>
> Seconded.


On Mon, Sep 16, 2013 at 10:33:29AM +0200, Julien Cristau wrote:
> On Mon, Sep 16, 2013 at 11:45:48 +0900, Charles Plessy wrote:
>
> > + <item>
> > + <p>
> > + The <file>/sys</file> in the root filesystem is additionally
>
> missing 'directory'

> With that fix, seconded.


Thanks, Steve and Julien, for your review. I have applied the patch.

--
Charles Plessy
Tsurumi, Kanagawa, Japan