Bug#707183: debian-policy: Removal of the FHS exception for the /selinux directory
user debian-pol...@packages.debian.org usertags 707183 normative tag 707183 pending thanks > On Mon, Sep 16, 2013 at 11:45:48AM +0900, Charles Plessy wrote: > > > do you think it would make sense to remove the FHS exception for the > > /selinux > > directory in the next version of the Policy ? > > > See the attached patch. Le Sun, Sep 15, 2013 at 09:13:13PM -0700, Steve Langasek a écrit : > > Seconded. Le Mon, Sep 16, 2013 at 10:33:29AM +0200, Julien Cristau a écrit : > On Mon, Sep 16, 2013 at 11:45:48 +0900, Charles Plessy wrote: > > > + > > + > > + The /sys in the root filesystem is additionally > > missing 'directory' … > With that fix, seconded. Thanks Steve and Julien for your reviewing. I have applied the patch. -- Charles Plessy Tsurumi, Kanagawa, Japan -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Bug#707183: debian-policy: Removal of the FHS exception for the /selinux directory
On Mon, Sep 16, 2013 at 11:45:48 +0900, Charles Plessy wrote: > diff --git a/policy.sgml b/policy.sgml > index 2708242..90ae9fe 100644 > --- a/policy.sgml > +++ b/policy.sgml > @@ -7021,15 +7021,14 @@ Built-Using: grub2 (= 1.99-9), loadlin (= 1.6e-1) > stable release of Debian supports /run. > > > - > - > - The following directories in the root filesystem are > - additionally allowed: /sys and > - /selinux. These directories > - are used as mount points to mount virtual filesystems > - to get access to kernel information. > - > - > + > + > + The /sys in the root filesystem is additionally missing 'directory' > + allowed. This directory is used as mount point to > + mount virtual filesystems to get access to kernel > + information. > + > + > > > On GNU/Hurd systems, the following additional With that fix, seconded. Cheers, Julien signature.asc Description: Digital signature
Bug#707183: debian-policy: Removal of the FHS exception for the /selinux directory
On Mon, Sep 16, 2013 at 11:45:48AM +0900, Charles Plessy wrote: > Dear all, > do you think it would make sense to remove the FHS exception for the /selinux > directory in the next version of the Policy ? > See the attached patch. Seconded. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. Ubuntu Developerhttp://www.debian.org/ slanga...@ubuntu.com vor...@debian.org > -- Charles Plessy, Tsurumi, Kanagawa, Japan > > Le Wed, May 08, 2013 at 09:28:57AM +0900, Charles Plessy a écrit : > > Package: debian-policy > > Severity: wishlist > > > > Dear all, > > > > in light of the message below, maybe the exception to the FHS for > > /selinux can be removed from the Policy in the future ? > > > > Cheers > > > > -- Charles > > > > - Forwarded message from Laurent Bigonville - > > > > Date: Tue, 7 May 2013 16:51:41 +0200 > > From: Laurent Bigonville > > To: debian-de...@lists.debian.org > > Cc: selinux-de...@lists.alioth.debian.org > > Subject: Removal of the /selinux directory > > Message-ID: <20130507165141.1bbec...@soldur.bigon.be> > > X-Mailer: Claws Mail 3.8.1 (GTK+ 2.24.10; x86_64-pc-linux-gnu) > > > > Hello, > > > > I'm planning to upload a new version of libselinux in unstable > > soon. This new version is dropping the /selinux directory that was used > > in the past as the selinuxfs mountpoint. > > > > Since Wheezy, the library is mounting selinuxfs under /sys/fs/selinux, > > and falling back to /selinux if the former is not available during > > early boot. > > > > All the selinux userspace tools and libraries should already be aware of > > this change. If you have packages that directly mount or manipulate > > the selinuxfs, you should probably check that it use the correct paths > > (ie. piupart, bug #682068). > > > > I'm intentionally not forcing the migration to the new mountpoint nor > > forcing the deletion of the directory on upgrade as, in my mind, if a > > Wheezy machine is still using the old mountpoint that might be for > > perfectly valid reasons and the package shouldn't touch it. > > A discussion has already been initiated on the bug report, see: #658070. > > > > Any remark on this? > > > > Cheers > > > > Laurent Bigonville > > > > > > > > - End forwarded message - > >From 34425d568113c741aa9f290069c6450d908f954c Mon Sep 17 00:00:00 2001 > From: Charles Plessy > Date: Mon, 16 Sep 2013 11:43:02 +0900 > Subject: [PATCH] Policy: Remove the exception to the FHS for the /selinux > directory. > > Wording: Charles Plessy > Closes: #707183 > --- > policy.sgml | 17 - > 1 file changed, 8 insertions(+), 9 deletions(-) > > diff --git a/policy.sgml b/policy.sgml > index 2708242..90ae9fe 100644 > --- a/policy.sgml > +++ b/policy.sgml > @@ -7021,15 +7021,14 @@ Built-Using: grub2 (= 1.99-9), loadlin (= 1.6e-1) > stable release of Debian supports /run. > > > - > - > - The following directories in the root filesystem are > - additionally allowed: /sys and > - /selinux. These directories > - are used as mount points to mount virtual filesystems > - to get access to kernel information. > - > - > + > + > + The /sys in the root filesystem is additionally > + allowed. This directory is used as mount point to > + mount virtual filesystems to get access to kernel > + information. > + > + > > > On GNU/Hurd systems, the following additional > -- > 1.8.4.rc3 > signature.asc Description: Digital signature
Bug#707183: debian-policy: Removal of the FHS exception for the /selinux directory
Dear all, do you think it would make sense to remove the FHS exception for the /selinux directory in the next version of the Policy ? See the attached patch. Have a nice day, -- Charles Plessy, Tsurumi, Kanagawa, Japan Le Wed, May 08, 2013 at 09:28:57AM +0900, Charles Plessy a écrit : > Package: debian-policy > Severity: wishlist > > Dear all, > > in light of the message below, maybe the exception to the FHS for > /selinux can be removed from the Policy in the future ? > > Cheers > > -- Charles > > - Forwarded message from Laurent Bigonville - > > Date: Tue, 7 May 2013 16:51:41 +0200 > From: Laurent Bigonville > To: debian-de...@lists.debian.org > Cc: selinux-de...@lists.alioth.debian.org > Subject: Removal of the /selinux directory > Message-ID: <20130507165141.1bbec...@soldur.bigon.be> > X-Mailer: Claws Mail 3.8.1 (GTK+ 2.24.10; x86_64-pc-linux-gnu) > > Hello, > > I'm planning to upload a new version of libselinux in unstable > soon. This new version is dropping the /selinux directory that was used > in the past as the selinuxfs mountpoint. > > Since Wheezy, the library is mounting selinuxfs under /sys/fs/selinux, > and falling back to /selinux if the former is not available during > early boot. > > All the selinux userspace tools and libraries should already be aware of > this change. If you have packages that directly mount or manipulate > the selinuxfs, you should probably check that it use the correct paths > (ie. piupart, bug #682068). > > I'm intentionally not forcing the migration to the new mountpoint nor > forcing the deletion of the directory on upgrade as, in my mind, if a > Wheezy machine is still using the old mountpoint that might be for > perfectly valid reasons and the package shouldn't touch it. > A discussion has already been initiated on the bug report, see: #658070. > > Any remark on this? > > Cheers > > Laurent Bigonville > > > > - End forwarded message - >From 34425d568113c741aa9f290069c6450d908f954c Mon Sep 17 00:00:00 2001 From: Charles Plessy Date: Mon, 16 Sep 2013 11:43:02 +0900 Subject: [PATCH] Policy: Remove the exception to the FHS for the /selinux directory. Wording: Charles Plessy Closes: #707183 --- policy.sgml | 17 - 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/policy.sgml b/policy.sgml index 2708242..90ae9fe 100644 --- a/policy.sgml +++ b/policy.sgml @@ -7021,15 +7021,14 @@ Built-Using: grub2 (= 1.99-9), loadlin (= 1.6e-1) stable release of Debian supports /run. - - - The following directories in the root filesystem are - additionally allowed: /sys and - /selinux. These directories - are used as mount points to mount virtual filesystems - to get access to kernel information. - - + + + The /sys in the root filesystem is additionally + allowed. This directory is used as mount point to + mount virtual filesystems to get access to kernel + information. + + On GNU/Hurd systems, the following additional -- 1.8.4.rc3
Bug#707183: debian-policy: Removal of the FHS exception for the /selinux directory
Package: debian-policy Severity: wishlist Dear all, in light of the message below, maybe the exception to the FHS for /selinux can be removed from the Policy in the future ? Cheers -- Charles - Forwarded message from Laurent Bigonville - Date: Tue, 7 May 2013 16:51:41 +0200 From: Laurent Bigonville To: debian-de...@lists.debian.org Cc: selinux-de...@lists.alioth.debian.org Subject: Removal of the /selinux directory Message-ID: <20130507165141.1bbec...@soldur.bigon.be> X-Mailer: Claws Mail 3.8.1 (GTK+ 2.24.10; x86_64-pc-linux-gnu) Hello, I'm planning to upload a new version of libselinux in unstable soon. This new version is dropping the /selinux directory that was used in the past as the selinuxfs mountpoint. Since Wheezy, the library is mounting selinuxfs under /sys/fs/selinux, and falling back to /selinux if the former is not available during early boot. All the selinux userspace tools and libraries should already be aware of this change. If you have packages that directly mount or manipulate the selinuxfs, you should probably check that it use the correct paths (ie. piupart, bug #682068). I'm intentionally not forcing the migration to the new mountpoint nor forcing the deletion of the directory on upgrade as, in my mind, if a Wheezy machine is still using the old mountpoint that might be for perfectly valid reasons and the package shouldn't touch it. A discussion has already been initiated on the bug report, see: #658070. Any remark on this? Cheers Laurent Bigonville - End forwarded message - -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
