[systemd-devel] [PATCH] selinux: fix selinux check for transient units
Lennart Poettering
lennart at poettering.net
Mon Nov 4 11:05:03 PST 2013
On Mon, 04.11.13 17:06, Lennart Poettering (lennart at poettering.net) wrote:
> On Thu, 31.10.13 15:51, Vaclav Pavlin (vpavlin at redhat.com) wrote:
>
> > From: Václav Pavlín <vpavlin at redhat.com>
>
> Sorry, I don't understand what this patch is doing. Please explain in a
> commit message!
Hmm, so, here's another idea. The transient units are created by a
client process. We could easily determine the label of that client
process. Wouldn't it a better approach to calculate the label of the
transient units somehow from the client process' label? This way
wouldn't need any additional systemd-specific infrastructure in
libselinux.
Dan, could that work?
Lennart
--
Lennart Poettering, Red Hat
More information about the systemd-devel
mailing list