[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [PATCH 1/1] [bug556972-srivasta]: Explicitly allow /selinux and /sys as FHS exceptions

Manoj Srivastava <srivasta@debian.org> writes:

> diff --git a/policy.sgml b/policy.sgml
> index 34a45d5..b8b97f4 100644
> --- a/policy.sgml
> +++ b/policy.sgml
> @@ -5638,6 +5638,15 @@ libbar 1 bar1 (>= 1.0-1)
>                    symlinked there, is relaxed to a recommendation.
>                  </p>
>                </item>
> +              <item>
> +                <p>
> +                  The following directories in the root filesystem are
> +                  additionally allowed: <file>/sys</file> and
> +                  <file>/selinux</file>. <footnote>These directories
> +                  are used as mount points to mount virtual filesystems
> +                  to get access to kernel information.</footnote>
> +                </p>
> +              </item>
>              </enumlist>
>  
>            </p>

Seconded.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>
Reply to: