On 10/09/2012 04:01 PM, Konstantin Ryabitsev wrote:
> On Tue, Oct 9, 2012 at 4:13 AM, tim.lauridsen@xxxxxxxxx
> <tim.lauridsen@xxxxxxxxx> wrote:
>> +1 to Richard, I really don't see the purpose, why does it matter that
>> number of dirs in /. Lot of apps will break if you move /proc or /dev,
>> and if you replace them with symlink in the next 10 years you still have
>> the same number of dirs under /, you have even more because you have
>> added some new ones. I can understand you want to merge dirs that have
>> the same function /bin -> /usr/bin, but this has no benefits at all.
>
> Symlinks also dramatically complicate SELinux policies, since you then have
> to allow read_lnk_files in addition to plain filesystem access. Allowing
> read_lnk_files is undesirable, as there are a number of security
> vulnerabilities that make use of symbolic links, so this will be a net
> negative to the security of the system.
>
> Regards,
> --
> Konstantin Ryabitsev
> LinuxFoundation.org
> Montréal, Québec
>

I think drastic might be an exaggeration. In this case most apps will be
just reading links to var_t, usr_t and other system defaults, which almost
all domains can currently do.
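An added example, not part of the original thread: a simplified Python model of the point under discussion, that a domain able to reach a file by its direct path also needs lnk_file read on the symlink's type once the path goes through a compatibility symlink. The paths, the myapp_t domain, the myapp_data_t type and the labels are constructed, and only dir search, lnk_file read and file read are modelled.

```python
# Simplified model (assumption): a path lookup needs dir:search on each
# directory crossed, lnk_file:read on each symlink followed, and file:read
# on the final file. Real SELinux checks more (open, getattr, ...).

# Constructed filesystem: path -> (class, SELinux type, symlink target).
FS = {
    "/": ("dir", "root_t", None),
    "/var": ("dir", "var_t", None),
    "/var/appdata": ("dir", "myapp_data_t", None),
    "/var/appdata/state.db": ("file", "myapp_data_t", None),
    # Hypothetical compatibility symlink left behind after a move.
    "/appdata": ("lnk_file", "var_t", "/var/appdata"),
}

# Constructed policy for a hypothetical domain: (domain, type, class, perm).
ALLOW = {
    ("myapp_t", "root_t", "dir", "search"),
    ("myapp_t", "var_t", "dir", "search"),
    ("myapp_t", "myapp_data_t", "dir", "search"),
    ("myapp_t", "myapp_data_t", "file", "read"),
}

def required_checks(path, fs=FS, depth=0):
    """List the (type, class, perm) checks that resolving `path` triggers."""
    if depth > 8:  # guard against symlink loops in the sample data
        raise RuntimeError("too many levels of symbolic links")
    checks = [(fs["/"][1], "dir", "search")]
    parts = [p for p in path.split("/") if p]
    cur = ""
    for i, part in enumerate(parts):
        cur = f"{cur}/{part}"
        cls, setype, target = fs[cur]
        if cls == "lnk_file":
            # Following the link costs lnk_file:read, then lookup restarts
            # at the (absolute) target with the remaining components.
            checks.append((setype, "lnk_file", "read"))
            rest = "/".join(parts[i + 1:])
            return checks + required_checks(f"{target}/{rest}", fs, depth + 1)
        last = i == len(parts) - 1
        checks.append((setype, cls, "read" if last else "search"))
    return checks

def denied(domain, path, allow=ALLOW):
    """Return the required checks that `allow` does not grant to `domain`."""
    needed = dict.fromkeys(required_checks(path))  # de-duplicate, keep order
    return [c for c in needed if (domain, *c) not in allow]

if __name__ == "__main__":
    print(denied("myapp_t", "/var/appdata/state.db"))  # direct path
    print(denied("myapp_t", "/appdata/state.db"))      # via the symlink
```

The only check the symlinked path adds is lnk_file read on var_t, which is the kind of system-default link the reply refers to.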