[systemd-devel] systemd - move /selinux to /sys/fs/selinux - maybe remove /srv ?

Kay Sievers kay.sievers at vrfy.org
Sat Apr 30 16:44:13 UTC 2011


On Sat, Apr 30, 2011 at 02:54, Lennart Poettering <mzerqung at 0pointer.de> wrote:
> On Fri, 29.04.11 17:46, Greg KH (greg at kroah.com) wrote:
>
>> > > I think /srv actually makes a lot of sense. Probably not so much on the
>> > > desktop, but the boundaries are blurry, and I see no reason to set
>> > > things up differently in this respect between servers and desktops. I
>> > > see little benefit in removing this directory.
>> > >
>> > I think moving /selinux is a bit more complicated than just a simple
>> > kernel change.  We have libselinux changes, lots of tools have learned
>> > over the years the path of /selinux and lots of users know about it.
>> >
>> > I am willing to work towards the goal of moving /selinux, but I might
>> > end up with a symbolic link if we can not fix all of the problems.
>>
>> A symbolic link from /selinux to point at /sys/fs/selinux/ is a good
>> idea to help people migrate.  The startup tools should be able to create
>> this if /sys/fs/selinux/ is not present, right?
>
> This is not necessarily easy to do actually, since for upgraded systems
> /selinux needs to be an actual directory in the rootfs to be useful as
> mount points. At boot time the rootfs is read-only, hence removing the
> dir then and turning it into a symlink is difficult.
>
> However, we can use the same approach as we did for moving /var/run to
> /run: on new installs create it as a symlink and on upgrades simply make
> it a bind mount.
>
> For the long run we could also add %post scripts to filesystem.rpm which
> moves away the old /selinux, and recreates it as symlink. Unfortunately
> that cannot be done completely atomic, but that property is not really
> necessary here anyway I think.
>
> So, yeah, it isn't super-pretty doing this move, but we can handle it
> more or less exactly like the /var/run → /run move.

Sounds all fine. I think we should get the kernel patch merged as soon
as possible. It will not harm anything if we don't use it now, and
continue to use /selinux as long as needed. But it will definitely
help solve the chicken-and-egg problem when we are ready to do the
switch.

Kay
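
The migration choice discussed in the thread (symlink on new installs, bind mount on upgrades), sketched as an added example that is not part of the original message or of any project's code. The function names and the ROOT argument are hypothetical; the plan is only printed, never executed.

```shell
#!/bin/sh
# Added example: decide how to provide the legacy /selinux path under a given
# root, following the /var/run -> /run approach described in the thread.
# ROOT is a hypothetical parameter so the logic can be tried on a scratch tree.

NEW_REL="sys/fs/selinux"   # new mount point proposed in the thread
OLD_REL="selinux"          # legacy path that existing tools still expect

# Prints one of: keep | symlink | bind | conflict
selinux_compat_action() {
    root="${1%/}"
    old="$root/$OLD_REL"
    if [ -L "$old" ]; then
        # Already a symlink: acceptable only if it points at the new location.
        case "$(readlink "$old")" in
            "/$NEW_REL"|"/$NEW_REL/"|"$NEW_REL") echo keep ;;
            *) echo conflict ;;
        esac
    elif [ -d "$old" ]; then
        # Upgraded system: a real directory in the rootfs. The rootfs is
        # read-only at boot, so it cannot be replaced then; bind mount over it.
        echo bind
    elif [ -e "$old" ]; then
        # Something unexpected (regular file, device node): do not touch it.
        echo conflict
    else
        # New install: nothing there yet, so a symlink is enough.
        echo symlink
    fi
}

# Prints the command a startup tool or package script would run.
selinux_compat_plan() {
    root="${1%/}"
    case "$(selinux_compat_action "$root")" in
        keep)    echo "true" ;;
        symlink) echo "ln -s /$NEW_REL $root/$OLD_REL" ;;
        bind)    echo "mount --bind $root/$NEW_REL $root/$OLD_REL" ;;
        *)       echo "false"; return 1 ;;
    esac
}
```

The conflict result covers a legacy path that is neither the expected directory nor a link to the new location, which a script should report rather than overwrite.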

