Re: [PATCH 1/1] [bug556972-srivasta]: Explicitly allow /selinux and /sys as FHS exceptions

To: Manoj Srivastava <srivasta@debian.org>
Cc: debian-policy@lists.debian.org, 556972-quiet@bugs.debian.org
Subject: Re: [PATCH 1/1] [bug556972-srivasta]: Explicitly allow /selinux and /sys as FHS exceptions
From: Kees Cook <kees@debian.org>
Date: Sat, 21 Nov 2009 01:25:57 -0800
Message-id: <20091121092557.GV5129@outflux.net>
In-reply-to: <1258742030-25355-1-git-send-email-srivasta@debian.org>
References: <1258742030-25355-1-git-send-email-srivasta@debian.org>

Hi,

On Fri, Nov 20, 2009 at 12:33:50PM -0600, Manoj Srivastava wrote:
>         The report #556972 was filed about a FHS violation in mounting
>  selinuxfs on /selinux, which is accurate. Additionally, /sys does not
>  appear in the FHS either, and is thus in a similar situation.
>
>         Now, I can move the mount point in libselinux1, perhals to
>  /lib/sellinux, but that would make us incompatible with other
>  installations, and cause a large number of needless conflict with
>  currently installed SELinux. Here is the backgound:

Do the userspace tools use /selinux unconditionally or do they examine
/proc/mounts?  I'm not familiar with that portion of SELinux.

-Kees

-- 
Kees Cook                                            @debian.org

Reply to:

Follow-Ups:
- Re: [PATCH 1/1] [bug556972-srivasta]: Explicitly allow /selinux and /sys as FHS exceptions
  - From: Manoj Srivastava <srivasta@debian.org>

References:
- [PATCH 1/1] [bug556972-srivasta]: Explicitly allow /selinux and /sys as FHS exceptions
  - From: Manoj Srivastava <srivasta@debian.org>

Prev by Date: [PATCH 1/1] New virtual package: cron-daemon
Next by Date: Re: [PATCH 1/1] Use the "Failed-Config" state instead of the synonymous halfconfigured
Previous by thread: Re: [PATCH 1/1] [bug556972-srivasta]: Explicitly allow /selinux and /sys as FHS exceptions
Next by thread: Re: [PATCH 1/1] [bug556972-srivasta]: Explicitly allow /selinux and /sys as FHS exceptions
Index(es):
- Date
- Thread