From: dwalsh@redhat.com (Daniel J Walsh)
Date: Mon, 07 Jun 2010 12:50:24 -0400
Subject: [refpolicy] kernel_filesystem.patch
In-Reply-To: <1275925288.809.119.camel@gorn.columbia.tresys.com>
References: <4C06BDB8.2030401@redhat.com>
 <1275658453.809.48.camel@gorn.columbia.tresys.com>
 <4C090298.40006@redhat.com>
 <1275914949.809.84.camel@gorn.columbia.tresys.com>
 <20100607125737.GB27414@localhost.localdomain>
 <1275919208.809.102.camel@gorn.columbia.tresys.com>
 <20100607141633.GA28646@localhost.localdomain>
 <1275922568.809.105.camel@gorn.columbia.tresys.com>
 <20100607152415.GB28646@localhost.localdomain>
 <1275925288.809.119.camel@gorn.columbia.tresys.com>
Message-ID: <4C0D2350.5090004@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On 06/07/2010 11:41 AM, Christopher J. PeBenito wrote:
> On Mon, 2010-06-07 at 17:24 +0200, Dominick Grift wrote:
>> On Mon, Jun 07, 2010 at 10:56:08AM -0400, Christopher J. PeBenito wrote:
>>> On Mon, 2010-06-07 at 16:17 +0200, Dominick Grift wrote:
>>>> On Mon, Jun 07, 2010 at 10:00:08AM -0400, Christopher J. PeBenito wrote:
>>>>> On Mon, 2010-06-07 at 14:57 +0200, Dominick Grift wrote:
>>>>>> On Mon, Jun 07, 2010 at 08:49:09AM -0400, Christopher J. PeBenito wrote:
>>>>>>> On Fri, 2010-06-04 at 09:41 -0400, Daniel J Walsh wrote:
>>>>>>>> On 06/04/2010 09:34 AM, Christopher J. PeBenito wrote:
>>>>>>>>> On Wed, 2010-06-02 at 16:23 -0400, Daniel J Walsh wrote:
>>>>>>>>>> http://people.fedoraproject.org/~dwalsh/SELinux/F14/kernel_filesystem.patch
>>>>>>>>>>
>>>>>>>>>> Changes for /cgroup policy
>>>>>>>>>
>>>>>>>>> While moving the labeling of cgroup from kernel to filesystem modules
>>>>>>>>> may make sense, I'm not sure why the type and interfaces need to be
>>>>>>>>> renamed.
>>>>>>>>>
>>>>>>>> Well it is a file system?
>>>>>>>
>>>>>>> That's not necessarily a good reason, since other pseudo filesystems
>>>>>>> exist in other modules, for good reason. It also doesn't explain the
>>>>>>> renaming.
>>>>>>
>>>>>> The libcgroup suite was one of the reasons to rename. libcgroup which
>>>>>> automates cgroup management installs the /cgroup mountpoint, whilst
>>>>>> that directory's content is the cgroup pseudo filesystem. So we needed
>>>>>> two types for almost the same purpose. So we chose cgroup_t for
>>>>>> libcgroup's /cgroup mountpoint and we decided to rename the cgroupfs
>>>>>> pseudo fs cgroupfs
>>>>>
>>>>> I don't see a need for two different types.
>>>>
>>>> I guess strictly speaking there is no need for two types. We can just
>>>> add the fc spec for /cgroup -d to filesystem.fc
>>>
>>> That's what I had in mind.
>>
>> So.. you want cgroup_t instead of cgroupfs_t?
>
> Yes, since the filesystem is called cgroup and the cgroup_t type already
> exists to label it.
>
>> You realize that when we merge the two, that the chosen type will get
>> the mountpoint attribute even if it's a directory under /cgroup?
>
> Yes.
>
I don't care either way. Just want to get it settled.