On Wed, Oct 31, 2012 at 12:04 AM, Schaufler, Casey <[email protected]> wrote:
> I have been advocating standardization of LSM interfaces > for some time. The apparmor folks put theirs at > /sys/kernel/security/apparmor. I would hardly say that > /sys/fs/smack would be better than /sys/kernel/security/smack. > I plan to move it when there's a consensus of where LSM > filesystems should go, or when there's a compelling reason > to go someplace in particular. I'm afraid that "SELinux does > in this way" is not an argument *by itself* that goes very > far with the Smack project. /sys/kernel/security/ is its own filesystem already. The apparmor stuff uses securityfs functionality itself, or just mounts its independent fs below securityfs (which provides an empty dir for it then)? I would say, if SMACK plans to use securityfs functionality in the future, it should go below there, if not, it should just use where the other kernel fss go. I think, at least a while ago, securityfs was optional and not required for lsm stuff in the kernel config, so it might not always be there. If that's still the case, it's something to keep in mind. Kay _______________________________________________ systemd-devel mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/systemd-devel
