[systemd-devel] [PATCH 3/4] condition: add ConditionSELinux

Alexander Boström abo at root.snowtree.se
Mon Apr 4 11:59:58 PDT 2011


On Sun, 2011-04-03 at 21:39 +0200, Michal Schmidt wrote:

> If on the other hand / stays read-only for the whole duration of
> working with SELinux disabled, then no contexts will be harmed and
> relabeling will not be necessary.

If / is ro but /var is rw then a relabel is still useful, right?

And /var is more likely to be mounted rw than / is, so it would make
sense to store this flag somewhere in /var.

Or even better, in each filesystem. (An xattr on the root inode?)

/Alexander

PS. Not that my opinion matters, but I find ConditionSELinux prettier
than ConditionSecurity, possibly because SELinux is very much its own
beast and lumping it together with "security systems" seems arbitrary.
Might as well call it ConditionEnabledFeature.



