[systemd-devel] [PATCH] Smack enabled systems need /dev special devices correctly labeled

Kay Sievers kay at vrfy.org
Mon Oct 14 15:54:25 PDT 2013


On Mon, Oct 14, 2013 at 11:58 PM, Michael Demeter
<michael.demeter at intel.com> wrote:

> +KERNEL=="tty[A-Z]*[0-9]|pppox[0-9]*|ircomm[0-9]*|noz[0-9]*|rfcomm[0-9]*",
> +GROUP="dialout", SECLABEL{smack}="*"
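
Review bot: the KERNEL== match on the first added line ends with a comma, and the GROUP="dialout", SECLABEL{smack}="*" assignments sit on a separate + line. udev reads one rule per line unless the line is continued with a trailing backslash, so unless this is mail-client wrapping, the second line becomes a rule with no match key and its assignments apply to every device. Keep the match and the assignments on a single line (or add the backslash continuation), and document next to the rule why these device nodes get the Smack "*" label.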

The SECLABEL{} instruction in a separate line? What is that supposed
to do? Have you tested any of this?

Also, I'm not convinced that this belongs into the upstream repo. This
seems like a very specific policy, similar to the selinux policy,
which does not necessarily belong into systemd. Where is the policy
defined for the apps and other stuff, isn't that the better place?

Kay

