[Pkg-sysvinit-devel] Bug#440709: Bug#440709: initscripts: Please mount securityfs
Michael Holzt
debian-bugs at michael.holzt.de
Tue Sep 4 15:07:08 UTC 2007
> 2.6.21 tpm driver doesn't seem to provide securityfs in a non-SE-Linux box.
> Does it depend on anything else than just loading tpm?
I can't tell. I just observed that the code in drivers/char/tpm/tpm_bios.c
attempts to create some securityfs files in a exported function called
tpm_bios_log_setup. This function seems to be called from tpm.c if a real
tpm chip was found and setup by one of the tpm chipset drivers. So i guess
the files will only appear on a machine which contains a supported tpm
chip.
My point however: It really seems that securityfs is not specific to
apparmor (it probably even predates apparmor) and might not be only
used by tpm chips but by other software (e.g. other security frameworks
like apparmor) as well, so it probably won't be the right solution to
have the mount call in the apparmor package. On the other hand it seems
that /sys/kernel/security is present in all newer kernel versions, so
when using a generic mount it would get mounted on a lot of systems
which don't use it. I'm not sure if this is a problem.
I just don't know what would be the right solution, but maybe you do? :-)
Regards
Michael
--
It's an insane world, but i'm proud to be a part of it. -- Bill Hicks
More information about the Pkg-sysvinit-devel
mailing list