Bug#707183: debian-policy: Removal of the FHS exception for the /selinux directory
Dear all,
do you think it would make sense to remove the FHS exception for the /selinux
directory in the next version of the Policy?
See the attached patch.
Have a nice day,
-- Charles Plessy, Tsurumi, Kanagawa, Japan
On Wed, May 08, 2013 at 09:28:57AM +0900, Charles Plessy wrote:
> Package: debian-policy
> Severity: wishlist
>
> Dear all,
>
> in light of the message below, maybe the exception to the FHS for
> <file>/selinux</file> can be removed from the Policy in the future?
>
> Cheers
>
> -- Charles
>
> ----- Forwarded message from Laurent Bigonville <bigon@debian.org> -----
>
> Date: Tue, 7 May 2013 16:51:41 +0200
> From: Laurent Bigonville <bigon@debian.org>
> To: debian-devel@lists.debian.org
> Cc: selinux-devel@lists.alioth.debian.org
> Subject: Removal of the /selinux directory
> Message-ID: <20130507165141.1bbecac6@soldur.bigon.be>
> X-Mailer: Claws Mail 3.8.1 (GTK+ 2.24.10; x86_64-pc-linux-gnu)
>
> Hello,
>
> I'm planning to upload a new version of libselinux in unstable
> soon. This new version is dropping the /selinux directory that was used
> in the past as the selinuxfs mountpoint.
>
> Since Wheezy, the library is mounting selinuxfs under /sys/fs/selinux,
> and falling back to /selinux if the former is not available during
> early boot.
>
> All the selinux userspace tools and libraries should already be aware of
> this change. If you have packages that directly mount or manipulate
> the selinuxfs, you should probably check that they use the correct paths
> (i.e. piupart, bug #682068).
>
> I'm intentionally not forcing the migration to the new mountpoint nor
> forcing the deletion of the directory on upgrade as, in my mind, if a
> Wheezy machine is still using the old mountpoint that might be for
> perfectly valid reasons and the package shouldn't touch it.
> A discussion has already been initiated on the bug report, see: #658070.
>
> Any remark on this?
>
> Cheers
>
> Laurent Bigonville
>
>
>
> ----- End forwarded message -----
From 34425d568113c741aa9f290069c6450d908f954c Mon Sep 17 00:00:00 2001
From: Charles Plessy <plessy@debian.org>
Date: Mon, 16 Sep 2013 11:43:02 +0900
Subject: [PATCH] Policy: Remove the exception to the FHS for the /selinux
directory.
Wording: Charles Plessy <plessy@debian.org>
Closes: #707183
---
policy.sgml | 17 ++++++++---------
1 file changed, 8 insertions(+), 9 deletions(-)
diff --git a/policy.sgml b/policy.sgml
index 2708242..90ae9fe 100644
--- a/policy.sgml
+++ b/policy.sgml
@@ -7021,15 +7021,14 @@ Built-Using: grub2 (= 1.99-9), loadlin (= 1.6e-1)
stable release of Debian supports <file>/run</file>.
</p>
</item>
- <item>
- <p>
- The following directories in the root filesystem are
- additionally allowed: <file>/sys</file> and
- <file>/selinux</file>. <footnote>These directories
- are used as mount points to mount virtual filesystems
- to get access to kernel information.</footnote>
- </p>
- </item>
+ <item>
+ <p>
+ The <file>/sys</file> in the root filesystem is additionally
+ allowed. <footnote>This directory is used as mount point to
+ mount virtual filesystems to get access to kernel
+ information.</footnote>
+ </p>
+ </item>
<item>
<p>
On GNU/Hurd systems, the following additional
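Review bot: The added sentence "The <file>/sys</file> in the root filesystem is additionally allowed" has no noun after the path, and its footnote still says "mount virtual filesystems" in the plural although only one directory is left; suggest "The <file>/sys</file> directory in the root filesystem is additionally allowed" with the footnote "This directory is used as a mount point for a virtual filesystem giving access to kernel information." The <item>, <p>, </p> and </item> lines are removed and re-added with the same visible text, so they look like whitespace-only changes; leaving them untouched would reduce the hunk to the lines that actually change. The forwarded message above says the library still falls back to /selinux and that the directory is not deleted on upgrade, so it is worth stating in the footnote or changelog that an existing /selinux on upgraded systems is left alone.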
--
1.8.4.rc3
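The path check that the forwarded message asks maintainers to make can be scripted as below. This is an added example, not part of the original thread or of libselinux; the function names and the sample mounts table and maintainer script are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and sample data are hypothetical/constructed.

# Print the selinuxfs mount point found in a mounts table (default /proc/mounts).
# Prefers /sys/fs/selinux, then the legacy /selinux, then any other location.
# Returns 1 when selinuxfs is not mounted.
selinuxfs_mountpoint() {
    awk '$3 == "selinuxfs" {
             if ($2 == "/sys/fs/selinux") cur = $2
             else if ($2 == "/selinux")   legacy = $2
             else                         other = $2
         }
         END {
             if (cur != "")         print cur
             else if (legacy != "") print legacy
             else if (other != "")  print other
             else exit 1
         }' "${1:-/proc/mounts}"
}

# Print file:line:text for every reference to the legacy root-level /selinux
# path. /sys/fs/selinux and /etc/selinux are not reported, because the match
# requires line start or a non-path character before "/selinux".
# /dev/null is appended so grep always prints the file name.
legacy_selinux_refs() {
    grep -En '(^|[^[:alnum:]_./-])/selinux(/|[^[:alnum:]_.-]|$)' "$@" /dev/null
}

# Constructed sample input: a mounts table from a system still using the old
# mount point, and a maintainer script that mixes old and new paths.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' 'sysfs /sys sysfs rw 0 0' \
                  'none /selinux selinuxfs rw,relatime 0 0' > "$tmp/mounts"
    printf '%s\n' '#!/bin/sh' \
                  'cat /sys/fs/selinux/enforce' \
                  'mount -t selinuxfs none /selinux' \
                  '. /etc/selinux/config' > "$tmp/postinst"
    echo "selinuxfs mounted at: $(selinuxfs_mountpoint "$tmp/mounts")"
    legacy_selinux_refs "$tmp/postinst"
    rm -rf "$tmp"
}
demo
```
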