[systemd-devel] [PATCH] Smack enabled systems need /dev special devices correctly labeled
Michael Demeter
michael.demeter at intel.com
Mon Oct 14 15:59:45 PDT 2013
Yes it is very specific to Smack.
Yes this has been tested here.
It is not included as a policy file when the image is built if Smack is not enabled. So it will not affect anyone not using Smack.
Michael Demeter
Staff Security Engineer
Open Source Technology Center - SSG
Intel Corporation
On Oct 14, 2013, at 3:54 PM, Kay Sievers <kay at vrfy.org> wrote:
> On Mon, Oct 14, 2013 at 11:58 PM, Michael Demeter
> <michael.demeter at intel.com> wrote:
>
>> +KERNEL=="tty[A-Z]*[0-9]|pppox[0-9]*|ircomm[0-9]*|noz[0-9]*|rfcomm[0-9]*",
>> +GROUP="dialout", SECLABEL{smack}="*"
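Review bot: The second added line, `GROUP="dialout", SECLABEL{smack}="*"`, follows the trailing comma of the `KERNEL==` match on a new line with no backslash continuation. udev reads one rule per line, so unless this break is only mail wrapping, the assignments carry no match key and would apply to every device event rather than just the serial nodes listed. Keep the match and its assignments on one line, or end the first line with `\`. The commit message should also say why these nodes get the Smack `*` label: with `*`, Smack permits any access to the object, leaving only the file mode and the dialout group to restrict it.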
>
> The SECLABEL{} instruction in a separate line? What is that supposed
> to do? Have you tested any of this?
>
> Also, I'm not convinced that this belongs into the upstream repo. This
> seems like a very specific policy, similar to the selinux policy,
> which does not necessarily belong into systemd. Where is the policy
> defined for the apps and other stuff, isn't that the better place?
>
> Kay