[systemd-devel] [PATCH v2 1/2] Smack - relabel directories and files created by systemd

Lennart Poettering lennart at poettering.net
Wed Feb 19 07:07:54 PST 2014

On Wed, 19.02.14 16:05, Zbigniew Jędrzejewski-Szmek (zbyszek at in.waw.pl) wrote:

> On Wed, Feb 19, 2014 at 03:44:32PM +0100, Łukasz Stelmach wrote:
> > How to have support for more than one security fw reasonably
> > compiled in? (I think this is the moment to create the pattern).
> Why not? It would be rather constraining for a distribution which wants
> to support more than one. systemd should just perform the steps necessary
> for all compiled frameworks compiled in, silently ignoring failures coming
> from missing frameworks.

Yes, I agree fully with Zbigniew. A distribution like Debian is likely
to enable support for AppArmor, SMACK and SELinux in systemd, all at the
same time. That doesn't mean that all three will be active together
during runtime, as the kernel doesn't support that, however the binary
we build should support all three, and what is used is decided at
runtime at the discretion of the admin.


Lennart Poettering, Red Hat

More information about the systemd-devel mailing list