[systemd-devel] [PATCH 1/3] Add SELinuxContext configuration item
Michael Scherer
misc at zarb.org
Fri Feb 7 05:22:25 PST 2014
On Thursday 06 February 2014 at 12:21 -0800, David Timothy Strauss wrote:
> In order to maximize consistency with newly committed options in
> systemd-nspawn, would it make sense to allow independent configuration
> of the process and file labels instead?
The file labels are decided by SELinux policy based on the path and/or
process domain, from what I have seen.
In the case of systemd-nspawn, it is done by using a specific option of
mount, and only for tmpfs/devpts.
So I am not sure if this can be done, and I fail to see a use case for
that (except having containers described in .service, which could be
nice but maybe too much).
--
Michael Scherer