Fedora 16 is about to go to Alpha release, some SELinux changes.
First, with the move to systemd, we were asked to move the /selinux file system to a more standard location.

From this point forward the selinuxfs will be mounted under /sys/fs/selinux.

This seems to be the new location for kernel interface file systems, like cgroup:

# ls /sys/fs/
cgroup    ext4  fuse  selinux

libselinux has been modified to mount the selinuxfs file system on the /sys/fs/selinux directory if it exists, otherwise libselinux will fall back to mounting on the /selinux directory if it exists.

One problem I foresee, and that we are beginning to fix, is any application that hard codes "/selinux" into the application.  So far we have had to fix anaconda, livecd-tools, policycoreutils, and dracut.  In most cases you should use the command line tools like setenforce or selinuxenabled, or use the Python bindings:

>>> import selinux
>>> print (selinux.is_selinux_enabled())

And not hard code the path.

Another option is to grep /proc/self/mountinfo:

# grep selinuxfs /proc/self/mountinfo  | head -1 | awk '{ print $5 }'
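
An added example (not from the original post or from libselinux): a Python version of the mountinfo lookup that matches on the filesystem-type field rather than grepping the whole line, so a path that merely contains "selinuxfs" is not mistaken for the mount. The function names and the sample mountinfo text are constructed for illustration.

```python
import re

# Constructed sample of /proc/self/mountinfo (not captured from a real host).
# The ext4 line comes first on purpose: a plain grep for "selinuxfs" hits it.
SAMPLE_MOUNTINFO = """\
15 20 0:3 / /proc rw,relatime - proc proc rw
30 20 8:1 / /srv/selinuxfs\\040notes rw,relatime shared:1 - ext4 /dev/sda1 rw
16 20 0:15 / /sys rw,relatime - sysfs sysfs rw
17 16 0:16 / /sys/fs/selinux rw,relatime - selinuxfs selinuxfs rw
"""

def unescape(field):
    # The kernel writes space, tab, newline and backslash as \ooo octal escapes.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def find_selinuxfs(mountinfo_text):
    """Return the mount point of the first selinuxfs mount, or None."""
    for line in mountinfo_text.splitlines():
        # Optional fields end at a lone "-"; the filesystem type follows it.
        pre, sep, post = line.partition(" - ")
        fields, tail = pre.split(), post.split()
        if not sep or len(fields) < 5 or not tail:
            continue  # malformed or truncated line
        if tail[0] == "selinuxfs":
            return unescape(fields[4])  # field 5 is the mount point
    return None

def selinux_mount_point(path="/proc/self/mountinfo"):
    """Look up the selinuxfs mount point on the running system."""
    try:
        with open(path) as f:
            return find_selinuxfs(f.read())
    except OSError:
        return None  # no /proc, or not readable

if __name__ == "__main__":
    print(selinux_mount_point())
```

A result of None means no selinuxfs is mounted, which a caller can treat the same way as SELinux being disabled.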

If you know of any applications that hard code /selinux into them, please let me know and I can work with the maintainer or developer to fix the code.

The sentence starting "libselinux has been modified" makes sense if you replace "/proc/fs/selinux" with "directory". Is that what you intended? (That's certainly what seems to have been checked in.)

Thanks, I modified the post to be clearer.

Clearer but wrong? I'm sure the code has /sys/fs/selinux falling back to /selinux rather than /proc/fs/selinux. Am I mistaken?

I guess my blog should be a wiki. Thanks.
