[systemd-devel] [PATCH] Add SELinuxContext configuration item
David Timothy Strauss
david at davidstrauss.net
Mon Dec 30 01:14:32 PST 2013
On Sat, Dec 28, 2013 at 10:47 AM, Michael Scherer <misc at zarb.org> wrote:
> So using templated units, we could do for example :
> SELinuxContext=staff_u:staff_r:%s_t:s0-s0:c0.c1023
In the spirit of making isolation easy, it would be neat to have a
built-in convention for selinux isolation in systemd where the full
service/unit name has a default context name, constructed much like
the quoted example, that the admin or packager can use simply by
turning isolation on (SELinux=true).
We would love to use SELinuxContext= or SELinux= for our needs at Pantheon.
More information about the systemd-devel
mailing list