FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Development

 
 
LinkBack Thread Tools
 
Old 04-28-2011, 10:37 PM
Michał Piotrowski
 
Default systemd - move /selinux to /sys/fs/selinux - maybe remove /srv ?

Hi,

I think it's a very good decision - I never understood why selinux dir
is directly under /.

By the way, maybe it would be good to think about the meaning of /srv
existance? For seven years FHS requires that this directory exists
http://www.pathname.com/fhs/pub/fhs-2.3.html#PURPOSE16A
but "The methodology used to name subdirectories of /srv is
unspecified as there is currently no consensus on how this should be
done" - so even the authors of the standard did not have anything to
say about how this directory should be used. Is there a rational
reason for the existence of this directory besides FHS conformance?

--
Best regards,
Michal

http://eventhorizon.pl/
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 04-29-2011, 03:32 AM
Matthew Miller
 
Default systemd - move /selinux to /sys/fs/selinux - maybe remove /srv ?

On Fri, Apr 29, 2011 at 12:37:26AM +0200, Michał Piotrowski wrote:
> By the way, maybe it would be good to think about the meaning of /srv
> existance? For seven years FHS requires that this directory exists
> http://www.pathname.com/fhs/pub/fhs-2.3.html#PURPOSE16A
> but "The methodology used to name subdirectories of /srv is
> unspecified as there is currently no consensus on how this should be
> done" - so even the authors of the standard did not have anything to
> say about how this directory should be used. Is there a rational
> reason for the existence of this directory besides FHS conformance?

Yes. It's where to put non-transient service data that does not belong to a
user, and does not belong to a package.


--
Matthew Miller <mattdm@mattdm.org>
Senior Systems Architect -- Instructional & Research Computing Services
Harvard School of Engineering & Applied Sciences
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 04-29-2011, 04:17 AM
seth vidal
 
Default systemd - move /selinux to /sys/fs/selinux - maybe remove /srv ?

On Thu, 2011-04-28 at 23:32 -0400, Matthew Miller wrote:
> On Fri, Apr 29, 2011 at 12:37:26AM +0200, Michał Piotrowski wrote:
> > By the way, maybe it would be good to think about the meaning of /srv
> > existance? For seven years FHS requires that this directory exists
> > http://www.pathname.com/fhs/pub/fhs-2.3.html#PURPOSE16A
> > but "The methodology used to name subdirectories of /srv is
> > unspecified as there is currently no consensus on how this should be
> > done" - so even the authors of the standard did not have anything to
> > say about how this directory should be used. Is there a rational
> > reason for the existence of this directory besides FHS conformance?
>
> Yes. It's where to put non-transient service data that does not belong to a
> user, and does not belong to a package.
>

+1 - I think /srv is a good dir to have in place to encourage good
practices for storing that kind of data.

-sv


--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 04-29-2011, 06:50 AM
nodata
 
Default systemd - move /selinux to /sys/fs/selinux - maybe remove /srv ?

On 29/04/11 00:37, Michał Piotrowski wrote:
> Hi,
>
> I think it's a very good decision - I never understood why selinux dir
> is directly under /.
>
> By the way, maybe it would be good to think about the meaning of /srv
> existance? For seven years FHS requires that this directory exists
> http://www.pathname.com/fhs/pub/fhs-2.3.html#PURPOSE16A
> but "The methodology used to name subdirectories of /srv is
> unspecified as there is currently no consensus on how this should be
> done" - so even the authors of the standard did not have anything to
> say about how this directory should be used. Is there a rational
> reason for the existence of this directory besides FHS conformance?
>

These are two separate issues. /srv tends to prevent people creating top
level mounts, so I would definitely keep it.
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 04-29-2011, 03:07 PM
Stephen Smalley
 
Default systemd - move /selinux to /sys/fs/selinux - maybe remove /srv ?

On Fri, 2011-04-29 at 00:37 +0200, Michał Piotrowski wrote:
> Hi,
>
> I think it's a very good decision - I never understood why selinux dir
> is directly under /.

I guess I missed some discussion of this. You'd need to update
libselinux at least, definition of SELINUXMNT in
libselinux/src/policy.h, used by selinux_init_load_policy() to mount
selinuxfs for initial policy load. And it may break rc scripts and
other scripts/programs that have become accustomed to /selinux.

--
Stephen Smalley
National Security Agency

--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 04-29-2011, 03:21 PM
Daniel J Walsh
 
Default systemd - move /selinux to /sys/fs/selinux - maybe remove /srv ?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 04/29/2011 11:07 AM, Stephen Smalley wrote:
> On Fri, 2011-04-29 at 00:37 +0200, Michał Piotrowski wrote:
>> Hi,
>>
>> I think it's a very good decision - I never understood why selinux dir
>> is directly under /.
>
> I guess I missed some discussion of this. You'd need to update
> libselinux at least, definition of SELINUXMNT in
> libselinux/src/policy.h, used by selinux_init_load_policy() to mount
> selinuxfs for initial policy load. And it may break rc scripts and
> other scripts/programs that have become accustomed to /selinux.
>

Here is the patch I am thinking about.

I think mock might need to be updated, maybe livecd tools.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iEYEARECAAYFAk2615cACgkQrlYvE4MpobPYlQCfeB3H0/eTVITUbOkv66/P+0DB
7pAAn3nYJZSDLyJnDv7+VXwTlZQ3TW9R
=2hkb
-----END PGP SIGNATURE-----
diff --git a/libselinux/src/init.c b/libselinux/src/init.c
index a948920..43aa296 100644
--- a/libselinux/src/init.c
+++ b/libselinux/src/init.c
@@ -45,6 +45,18 @@ static void init_selinuxmnt(void)
}
}

+ /* We check to see if the original mount point for selinux file
+ * system has a selinuxfs. */
+ do {
+ rc = statfs("/selinux", &sfbuf);
+ } while (rc < 0 && errno == EINTR);
+ if (rc == 0) {
+ if ((uint32_t)sfbuf.f_type == (uint32_t)SELINUX_MAGIC) {
+ selinux_mnt = strdup("/selinux");
+ return;
+ }
+ }
+
/* Drop back to detecting it the long way. */
fp = fopen("/proc/filesystems", "r");
if (!fp)
diff --git a/libselinux/src/load_policy.c b/libselinux/src/load_policy.c
index 83d2143..4078f69 100644
--- a/libselinux/src/load_policy.c
+++ b/libselinux/src/load_policy.c
@@ -369,7 +369,17 @@ int selinux_init_load_policy(int *enforce)
* Check for the existence of SELinux via selinuxfs, and
* mount it if present for use in the calls below.
*/
- if (mount("selinuxfs", SELINUXMNT, "selinuxfs", 0, 0) < 0 && errno != EBUSY) {
+ char *mntpoint = NULL;
+ if (mount("selinuxfs", SELINUXMNT, "selinuxfs", 0, 0) == 0 || errno == EBUSY) {
+ mntpoint = SELINUXMNT;
+ } else {
+ /* check old mountpoint */
+ if (mount("selinuxfs", "/selinux", "selinuxfs", 0, 0) == 0 || errno == EBUSY) {
+ mntpoint = "/selinux";
+ }
+ }
+
+ if (! mntpoint ) {
if (errno == ENODEV) {
/*
* SELinux was disabled in the kernel, either
@@ -384,8 +394,8 @@ int selinux_init_load_policy(int *enforce)
}

goto noload;
- }
- set_selinuxmnt(SELINUXMNT);
+ }
+ set_selinuxmnt(mntpoint);

/*
* Note: The following code depends on having selinuxfs
@@ -397,7 +407,7 @@ int selinux_init_load_policy(int *enforce)
rc = security_disable();
if (rc == 0) {
/* Successfully disabled, so umount selinuxfs too. */
- umount(SELINUXMNT);
+ umount(selinux_mnt);
fini_selinuxmnt();
}
/*
diff --git a/libselinux/src/policy.h b/libselinux/src/policy.h
index 10e8712..76f968e 100644
--- a/libselinux/src/policy.h
+++ b/libselinux/src/policy.h
@@ -13,7 +13,7 @@
#define SELINUX_MAGIC 0xf97cff8c

/* Preferred selinux mount location */
-#define SELINUXMNT "/selinux"
+#define SELINUXMNT "/sys/fs/selinux"

/* selinuxfs mount point */
extern char *selinux_mnt;
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 04-29-2011, 03:26 PM
Michał Piotrowski
 
Default systemd - move /selinux to /sys/fs/selinux - maybe remove /srv ?

2011/4/29 seth vidal <skvidal@fedoraproject.org>:
> On Thu, 2011-04-28 at 23:32 -0400, Matthew Miller wrote:
>> On Fri, Apr 29, 2011 at 12:37:26AM +0200, Michał Piotrowski wrote:
>> > By the way, maybe it would be good to think about the meaning of /srv
>> > existance? For seven years FHS requires that this directory exists
>> > http://www.pathname.com/fhs/pub/fhs-2.3.html#PURPOSE16A
>> > but "The methodology used to name subdirectories of /srv is
>> > unspecified as there is currently no consensus on how this should be
>> > done" - so even the authors of the standard did not have anything to
>> > say about how this directory should be used. Is there a rational
>> > reason for the existence of this directory besides FHS conformance?
>>
>> Yes. It's where to put non-transient service data that does not belong to a
>> user, and does not belong to a package.
>>
>
> +1 - I think /srv is a good dir to have in place to encourage good
> practices for storing that kind of data.

I think it is very unlikely that the services will start to use /srv/
instead of /var/something because of the backward compatibility. I
create my own dir for data and it seemed to me that most people are
doing the same. Thats why I wondered if there is any use for this dir.

>
> -sv
>
>
> --
> devel mailing list
> devel@lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/devel



--
Best regards,
Michal

http://eventhorizon.pl/
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 04-29-2011, 03:30 PM
seth vidal
 
Default systemd - move /selinux to /sys/fs/selinux - maybe remove /srv ?

On Fri, 2011-04-29 at 17:26 +0200, Michał Piotrowski wrote:
> 2011/4/29 seth vidal <skvidal@fedoraproject.org>:
> > On Thu, 2011-04-28 at 23:32 -0400, Matthew Miller wrote:
> >> On Fri, Apr 29, 2011 at 12:37:26AM +0200, Michał Piotrowski wrote:
> >> > By the way, maybe it would be good to think about the meaning of /srv
> >> > existance? For seven years FHS requires that this directory exists
> >> > http://www.pathname.com/fhs/pub/fhs-2.3.html#PURPOSE16A
> >> > but "The methodology used to name subdirectories of /srv is
> >> > unspecified as there is currently no consensus on how this should be
> >> > done" - so even the authors of the standard did not have anything to
> >> > say about how this directory should be used. Is there a rational
> >> > reason for the existence of this directory besides FHS conformance?
> >>
> >> Yes. It's where to put non-transient service data that does not belong to a
> >> user, and does not belong to a package.
> >>
> >
> > +1 - I think /srv is a good dir to have in place to encourage good
> > practices for storing that kind of data.
>
> I think it is very unlikely that the services will start to use /srv/
> instead of /var/something because of the backward compatibility. I
> create my own dir for data and it seemed to me that most people are
> doing the same. Thats why I wondered if there is any use for this dir.


services should not be using /srv by default - I said it is a good habit
for admins to get into so places where they store data are commonly
available in normal locations
-sv


--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 04-29-2011, 10:56 PM
Lennart Poettering
 
Default systemd - move /selinux to /sys/fs/selinux - maybe remove /srv ?

On Fri, 29.04.11 00:37, Michał Piotrowski (mkkp4x4@gmail.com) wrote:

> Hi,
>
> I think it's a very good decision - I never understood why selinux dir
> is directly under /.

Yes, I think this would be a good thing to have in F16.

Note however that this needs a tiny kernel patch to work, to create the
mount point under /sys/fs/selinux. This is a trivial patch and has been
done for /sys/fs/cgroup before, so I assume this would be easy to get
in and just needs a champion to push this forward.

> By the way, maybe it would be good to think about the meaning of /srv
> existance? For seven years FHS requires that this directory exists
> http://www.pathname.com/fhs/pub/fhs-2.3.html#PURPOSE16A
> but "The methodology used to name subdirectories of /srv is
> unspecified as there is currently no consensus on how this should be
> done" - so even the authors of the standard did not have anything to
> say about how this directory should be used. Is there a rational
> reason for the existence of this directory besides FHS conformance?

I think /srv actually makes a lot of sense. Probably not so much on the
desktop, but the boundaries are blurry, and I see no reason to set
things up differently in this respect between servers and desktops. I
see little benefit in removing this directory.

Lennart

--
Lennart Poettering - Red Hat, Inc.
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 04-29-2011, 10:58 PM
Lennart Poettering
 
Default systemd - move /selinux to /sys/fs/selinux - maybe remove /srv ?

On Fri, 29.04.11 17:26, Michał Piotrowski (mkkp4x4@gmail.com) wrote:

>
> 2011/4/29 seth vidal <skvidal@fedoraproject.org>:
> > On Thu, 2011-04-28 at 23:32 -0400, Matthew Miller wrote:
> >> On Fri, Apr 29, 2011 at 12:37:26AM +0200, Michał Piotrowski wrote:
> >> > By the way, maybe it would be good to think about the meaning of /srv
> >> > existance? For seven years FHS requires that this directory exists
> >> > http://www.pathname.com/fhs/pub/fhs-2.3.html#PURPOSE16A
> >> > but "The methodology used to name subdirectories of /srv is
> >> > unspecified as there is currently no consensus on how this should be
> >> > done" - so even the authors of the standard did not have anything to
> >> > say about how this directory should be used. Is there a rational
> >> > reason for the existence of this directory besides FHS conformance?
> >>
> >> Yes. It's where to put non-transient service data that does not belong to a
> >> user, and does not belong to a package.
> >>
> >
> > +1 - I think /srv is a good dir to have in place to encourage good
> > practices for storing that kind of data.
>
> I think it is very unlikely that the services will start to use /srv/
> instead of /var/something because of the backward compatibility. I
> create my own dir for data and it seemed to me that most people are
> doing the same. Thats why I wondered if there is any use for this dir.

/srv is not package manager territory really. It's admin territory. He
should create dirs underneath it, and nobody else.

Lennart

--
Lennart Poettering - Red Hat, Inc.
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 

Thread Tools




All times are GMT. The time now is 04:31 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org