[DSE-Dev] Bug#707183: debian-policy: Removal of the FHS exception for the /selinux directory

Charles Plessy plessy at debian.org
Wed May 8 00:28:57 UTC 2013


Package: debian-policy
Severity: wishlist

Dear all,

in light of the message below, maybe the exception to the FHS for
<file>/selinux</file> can be removed from the Policy in the future ?

Cheers

-- Charles

----- Forwarded message from Laurent Bigonville <bigon at debian.org> -----

Date: Tue, 7 May 2013 16:51:41 +0200
From: Laurent Bigonville <bigon at debian.org>
To: debian-devel at lists.debian.org
Cc: selinux-devel at lists.alioth.debian.org
Subject: Removal of the /selinux directory
Message-ID: <20130507165141.1bbecac6 at soldur.bigon.be>
X-Mailer: Claws Mail 3.8.1 (GTK+ 2.24.10; x86_64-pc-linux-gnu)

Hello,

I'm planning to upload a new version of libselinux in unstable
soon. This new version is dropping the /selinux directory that was used
in the past as the selinuxfs mountpoint.

Since Wheezy, the library is mounting selinuxfs under /sys/fs/selinux,
and falling back to /selinux if the former is not available during
early boot.

All the selinux userspace tools and libraries should already be aware of
this change. If you have packages that directly mount or manipulate
the selinuxfs, you should probably check that it use the correct paths
(ie. piupart, bug #682068).

I'm intentionally not forcing the migration to the new mountpoint nor
forcing the deletion of the directory on upgrade as, in my mind, if a
Wheezy machine is still using the old mountpoint that might be for
perfectly valid reasons and the package shouldn't touch it.
A discussion has already been initiated on the bug report, see: #658070.

Any remark on this?

Cheers

Laurent Bigonville



----- End forwarded message -----



More information about the SELinux-devel mailing list