[systemd-devel] [PATCH] Add SELinuxContext configuration item
Zbigniew Jędrzejewski-Szmek
zbyszek at in.waw.pl
Sat Dec 28 06:35:33 PST 2013
On Sat, Dec 28, 2013 at 03:17:07PM +0100, Kay Sievers wrote:
> On Sat, Dec 28, 2013 at 2:30 PM, Lennart Poettering
> <lennart at poettering.net> wrote:
> > On Fri, 27.12.13 23:26, misc at zarb.org (misc at zarb.org) wrote:
>
> >> This permit to let system administrators decide of the domain of a service.
> >> This can be used with templated units to have each service in a différent
> >> domain ( for example, a per customer database, using MLS or anything ),
> >> or can be used to force a non selinux enabled system (jvm, erlang, etc)
> >> to start in a different domain for each service.
> >
> > Hmm, so far (as I understood it) the SELinux guys always wanted to make
> > sure that label configuration stays in the the selinux database and
> > nowhere else.
> >
> > I'd like Dan Walsh's opinion whether this addition fits into what the
> > SELinux guys want or not. Dan?
>
> I guess it matches a bit what we do for udev with SECLABEL{selinux}=.
Adding Dan Walsch to the CC.
Zbyszek
More information about the systemd-devel
mailing list