[Feature Suggestion] UsrMove continued

Daniel J Walsh dwalsh at redhat.com
Tue Oct 9 18:39:40 UTC 2012

On 10/09/2012 04:01 PM, Konstantin Ryabitsev wrote:
> On Tue, Oct 9, 2012 at 4:13 AM, tim.lauridsen at gmail.com 
> <tim.lauridsen at gmail.com> wrote:
>> +1 to Richard, I really don't see the purpose; why does the number of
>> dirs in / matter? Lots of apps will break if you move /proc or /dev,
>> and if you replace them with symlinks in the next 10 years you still have
>> the same number of dirs under /, you have even more because you have
>> added some new ones. I can understand you want to merge dirs that have
>> the same function /bin -> /usr/bin, but this has no benefits at all.
> Symlinks also dramatically complicate SELinux policies, since you then have
> to allow read_lnk_files in addition to plain filesystem access. Allowing
> read_lnk_files is undesirable, as there is a number of security
> vulnerabilities that make use of symbolic links, so this will be a net
> negative to the security of the system.
> Regards, -- Konstantin Ryabitsev LinuxFoundation.org Montréal, Québec
I think drastic might be an exaggeration.  In this case most apps will be just
reading links to var_t, usr_t and other system defaults, which almost all
domains can currently do.