[Pkg-sysvinit-devel] Bug#440709: Bug#440709: initscripts: Please mount securityfs

Michael Holzt debian-bugs at michael.holzt.de
Tue Sep 4 15:07:08 UTC 2007

> 2.6.21 tpm driver doesn't seem to provide securityfs in a non-SE-Linux box.
> Does it depend on anything else than just loading tpm?

I can't tell. I just observed that the code in drivers/char/tpm/tpm_bios.c
attempts to create some securityfs files in an exported function called
tpm_bios_log_setup. This function seems to be called from tpm.c if a real
tpm chip was found and setup by one of the tpm chipset drivers. So I guess
the files will only appear on a machine which contains a supported tpm

My point however: It really seems that securityfs is not specific to
apparmor (it probably even predates apparmor) and might not be only 
used by tpm chips but by other software (e.g. other security frameworks 
like apparmor) as well, so it probably won't be the right solution to 
have the mount call in the apparmor package. On the other hand it seems
that /sys/kernel/security is present in all newer kernel versions, so 
when using a generic mount it would get mounted on a lot of systems
which don't use it. I'm not sure if this is a problem.

I just don't know what would be the right solution, but maybe you do? :-)
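The generic mount discussed in this message can be guarded so that it only runs where the kernel offers securityfs, the /sys/kernel/security directory exists, and nothing is mounted there yet. The sketch below is an added example, not part of the original message or of the initscripts package; the function names are hypothetical, and the file paths are parameters so the logic can be checked against constructed input.

```shell
#!/bin/sh
# Added example (hypothetical helper names): decide whether an init script
# should mount securityfs on /sys/kernel/security.

# True if the given /proc/filesystems-style file lists securityfs.
# Lines look like "nodev<TAB>securityfs" or "<TAB>ext3".
securityfs_supported() {
    awk '$NF == "securityfs" { found = 1 } END { exit !found }' \
        "${1:-/proc/filesystems}" 2>/dev/null
}

# True if the given /proc/mounts-style file shows securityfs on the mount point.
securityfs_mounted() {
    awk -v mp="${2:-/sys/kernel/security}" \
        '$2 == mp && $3 == "securityfs" { found = 1 } END { exit !found }' \
        "${1:-/proc/mounts}" 2>/dev/null
}

# Prints one of: unsupported, no-mountpoint, already-mounted, mount
securityfs_action() {
    fs_list=${1:-/proc/filesystems}
    mounts=${2:-/proc/mounts}
    mp=${3:-/sys/kernel/security}
    if ! securityfs_supported "$fs_list"; then
        echo unsupported          # kernel built without securityfs
    elif [ ! -d "$mp" ]; then
        echo no-mountpoint        # sysfs not mounted or directory absent
    elif securityfs_mounted "$mounts" "$mp"; then
        echo already-mounted      # another package or script got there first
    else
        echo mount
    fi
}

# What an init script would call at boot (requires root; not invoked here).
mount_securityfs() {
    if [ "$(securityfs_action)" = mount ]; then
        mount -t securityfs securityfs /sys/kernel/security
    fi
}

# Report the decision for the running system without changing anything.
echo "securityfs action on this system: $(securityfs_action)"
```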


