From: domg472@gmail.com (Dominick Grift)
Date: Mon, 7 Jun 2010 16:17:07 +0200
Subject: [refpolicy] kernel_filesystem.patch
In-Reply-To: <1275919208.809.102.camel@gorn.columbia.tresys.com>
References: <4C06BDB8.2030401@redhat.com>
 <1275658453.809.48.camel@gorn.columbia.tresys.com>
 <4C090298.40006@redhat.com>
 <1275914949.809.84.camel@gorn.columbia.tresys.com>
 <20100607125737.GB27414@localhost.localdomain>
 <1275919208.809.102.camel@gorn.columbia.tresys.com>
Message-ID: <20100607141633.GA28646@localhost.localdomain>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Mon, Jun 07, 2010 at 10:00:08AM -0400, Christopher J. PeBenito wrote:
> On Mon, 2010-06-07 at 14:57 +0200, Dominick Grift wrote:
> > On Mon, Jun 07, 2010 at 08:49:09AM -0400, Christopher J. PeBenito wrote:
> > > On Fri, 2010-06-04 at 09:41 -0400, Daniel J Walsh wrote:
> > > > On 06/04/2010 09:34 AM, Christopher J. PeBenito wrote:
> > > > > On Wed, 2010-06-02 at 16:23 -0400, Daniel J Walsh wrote:
> > > > >> http://people.fedoraproject.org/~dwalsh/SELinux/F14/kernel_filesystem.patch
> > > > >>
> > > > >> Changes for /cgroup policy
> > > > >
> > > > > While moving the labeling of cgroup from kernel to filesystem modules
> > > > > may make sense, I'm not sure why the type and interfaces need to be
> > > > > renamed.
> > > > >
> > > > Well it is a file system?
> > >
> > > That's not necessarily a good reason, since other pseudo filesystems
> > > exist in other modules, for good reason. It also doesn't explain the
> > > renaming.
> >
> > The libcgroup suite was one of the reasons to rename. libcgroup, which
> > automates cgroup management, installs the /cgroup mountpoint, whilst
> > that directory's content is the cgroup pseudo filesystem. So we needed
> > two types for almost the same purpose. So we chose cgroup_t for
> > libcgroup's /cgroup mountpoint and we decided to rename the cgroupfs
> > pseudo fs cgroupfs
>
> I don't see a need for two different types.

I guess strictly speaking there is no need for two types. We can just
add the fc spec for /cgroup -d to filesystem.fc
and let libcgroup and other domains call cgroup filesystem interfaces.
We might lose a bit of flexibility, but most likely insignificant anyway.

>
> --
> Chris PeBenito
> Tresys Technology, LLC
> www.tresys.com | oss.tresys.com