
Bug#707183: debian-policy: Removal of the FHS exception for the /selinux directory



Dear all,

do you think it would make sense to remove the FHS exception for the /selinux
directory in the next version of the Policy?

See the attached patch.

Have a nice day,

-- Charles Plessy, Tsurumi, Kanagawa, Japan

On Wed, May 08, 2013 at 09:28:57AM +0900, Charles Plessy wrote:
> Package: debian-policy
> Severity: wishlist
> 
> Dear all,
> 
> in light of the message below, maybe the exception to the FHS for
> <file>/selinux</file> can be removed from the Policy in the future?
> 
> Cheers
> 
> -- Charles
> 
> ----- Forwarded message from Laurent Bigonville <bigon@debian.org> -----
> 
> Date: Tue, 7 May 2013 16:51:41 +0200
> From: Laurent Bigonville <bigon@debian.org>
> To: debian-devel@lists.debian.org
> Cc: selinux-devel@lists.alioth.debian.org
> Subject: Removal of the /selinux directory
> Message-ID: <20130507165141.1bbecac6@soldur.bigon.be>
> X-Mailer: Claws Mail 3.8.1 (GTK+ 2.24.10; x86_64-pc-linux-gnu)
> 
> Hello,
> 
> I'm planning to upload a new version of libselinux in unstable
> soon. This new version is dropping the /selinux directory that was used
> in the past as the selinuxfs mountpoint.
> 
> Since Wheezy, the library is mounting selinuxfs under /sys/fs/selinux,
> and falling back to /selinux if the former is not available during
> early boot.
> 
> All the selinux userspace tools and libraries should already be aware of
> this change. If you have packages that directly mount or manipulate
> the selinuxfs, you should probably check that they use the correct paths
> (i.e. piupart, bug #682068).
> 
> I'm intentionally not forcing the migration to the new mountpoint nor
> forcing the deletion of the directory on upgrade as, in my mind, if a
> Wheezy machine is still using the old mountpoint that might be for
> perfectly valid reasons and the package shouldn't touch it.
> A discussion has already been initiated on the bug report, see: #658070.
> 
> Any remark on this?
> 
> Cheers
> 
> Laurent Bigonville
> 
> 
> 
> ----- End forwarded message -----
>From 34425d568113c741aa9f290069c6450d908f954c Mon Sep 17 00:00:00 2001
From: Charles Plessy <plessy@debian.org>
Date: Mon, 16 Sep 2013 11:43:02 +0900
Subject: [PATCH] Policy: Remove the exception to the FHS for the /selinux
 directory.

Wording: Charles Plessy <plessy@debian.org>
Closes: #707183
---
 policy.sgml | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)

diff --git a/policy.sgml b/policy.sgml
index 2708242..90ae9fe 100644
--- a/policy.sgml
+++ b/policy.sgml
@@ -7021,15 +7021,14 @@ Built-Using: grub2 (= 1.99-9), loadlin (= 1.6e-1)
 		  stable release of Debian supports <file>/run</file>.
 		</p>
 	      </item>
-              <item>
-                <p>
-                  The following directories in the root filesystem are
-                  additionally allowed: <file>/sys</file> and
-                  <file>/selinux</file>. <footnote>These directories
-                  are used as mount points to mount virtual filesystems
-                  to get access to kernel information.</footnote>
-                </p>
-              </item>
+	      <item>
+		<p>
+		  The <file>/sys</file> in the root filesystem is additionally
+		  allowed. <footnote>This directory is used as mount point to
+		    mount virtual filesystems to get access to kernel
+		    information.</footnote>
+		</p>
+	      </item>
 	      <item>
 		<p>
 		  On GNU/Hurd systems, the following additional
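Review bot: In the added <item>, "The <file>/sys</file> in the root filesystem is additionally allowed" drops the noun the removed text had ("The following directories"); suggest "The <file>/sys</file> directory in the root filesystem is additionally allowed", and in the footnote "used as a mount point", with the footnote's continuation lines indented to one level. The item is also re-indented from spaces to tabs in the same change, so a one-directory removal shows as 8 insertions and 9 deletions; if that is meant to match the tab-indented neighbouring items, the commit message should say so. Since the forwarded message says Wheezy hosts may still have selinuxfs mounted on /selinux, the footnote or commit message could also state that the mount point is now /sys/fs/selinux, so readers can see why the exception is no longer needed.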
-- 
1.8.4.rc3
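
The check that the forwarded message asks maintainers of packages touching selinuxfs to make, as an added example that is not part of this thread or of libselinux: it reads the real mount point from a mounts table instead of assuming one, and flags hardcoded root-level /selinux paths. The function names and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Print the mount point of the first selinuxfs entry in a mounts table
# (default /proc/mounts, "-" for stdin). Exit status 1 if none is mounted.
selinuxfs_mountpoint() {
    awk '$3 == "selinuxfs" { print $2; found = 1; exit }
         END { exit !found }' "${1:-/proc/mounts}"
}

# Classify the mount point: current (/sys/fs/selinux), legacy (/selinux),
# nonstandard (anything else) or not-mounted.
classify_selinuxfs() {
    mp=$(selinuxfs_mountpoint "${1:-/proc/mounts}") || { echo "not-mounted"; return 0; }
    case "$mp" in
        /sys/fs/selinux) echo "current $mp" ;;
        /selinux)        echo "legacy $mp" ;;
        *)               echo "nonstandard $mp" ;;
    esac
}

# List lines (with numbers) that hardcode the root-level /selinux path.
# /sys/fs/selinux, /etc/selinux and similar are not matched because the
# character before "/selinux" must not be part of a longer path.
legacy_path_refs() {
    grep -nE '(^|[^[:alnum:]_./-])/selinux(/|[^[:alnum:]_.-]|$)' "$@"
}

# Constructed sample input: mounts table of a host on the old mount point.
sample_legacy_mounts() {
    printf '%s\n' \
        'sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0' \
        'none /selinux selinuxfs rw,relatime 0 0'
}

# Constructed sample input: a maintainer script with one hardcoded legacy path.
sample_script() {
    printf '%s\n' \
        'mount -t selinuxfs none /sys/fs/selinux' \
        'cat /selinux/enforce' \
        'ls /etc/selinux/config'
}

sample_legacy_mounts | classify_selinuxfs -   # legacy /selinux
sample_script | legacy_path_refs              # 2:cat /selinux/enforce
```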

