[systemd-devel] [PATCH] Add SELinuxContext configuration item
Kay Sievers
kay at vrfy.org
Sat Dec 28 06:17:07 PST 2013
On Sat, Dec 28, 2013 at 2:30 PM, Lennart Poettering
<lennart at poettering.net> wrote:
> On Fri, 27.12.13 23:26, misc at zarb.org (misc at zarb.org) wrote:
>> This permit to let system administrators decide of the domain of a service.
>> This can be used with templated units to have each service in a différent
>> domain ( for example, a per customer database, using MLS or anything ),
>> or can be used to force a non selinux enabled system (jvm, erlang, etc)
>> to start in a different domain for each service.
>
> Hmm, so far (as I understood it) the SELinux guys always wanted to make
> sure that label configuration stays in the the selinux database and
> nowhere else.
>
> I'd like Dan Walsh's opinion whether this addition fits into what the
> SELinux guys want or not. Dan?
I guess it matches a bit what we do for udev with SECLABEL{selinux}=.
Kay
More information about the systemd-devel
mailing list