On Tue, 30.10.12 23:04, Schaufler, Casey ([email protected]) wrote:
> Yup. That was the convention at the time Smack was introduced. > > > That should > > really be fixed. We moved all the other file systems (selinux, cgroups, > > ...) below /sys, > > No one said boo about Smack at the time. Sorry about that, but I guess we didn't notice it since SMACK is not available on Fedora... > > Follow the SELinux scheme please and introduce /sys/fs/smack, and use > > that as default mount point. > > I have been advocating standardization of LSM interfaces > for some time. The apparmor folks put theirs at > /sys/kernel/security/apparmor. I would hardly say that > /sys/fs/smack would be better than /sys/kernel/security/smack. > I plan to move it when there's a consensus of where LSM > filesystems should go, or when there's a compelling reason > to go someplace in particular. I'm afraid that "SELinux does > in this way" is not an argument *by itself* that goes very > far with the Smack project. I think the rule was that if its an fs of its own it should be in /sys/fs, but if it is implemented based on securityfs then it should of course appear below /sys/kernel/security. Given that SMACK and SELinux have their own file systems /sys/fs/smack and /sys/fs/selinux sounds like the right choice. And AppArmor uses securityfs, hence /sys/kernel/security/apparmor is their root of the tree. I hope that makes some sense? Lennart -- Lennart Poettering - Red Hat, Inc. _______________________________________________ systemd-devel mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/systemd-devel
