[systemd-devel] [PATCH v2 1/2] Smack - relabel directories and files created by systemd

Schaufler, Casey casey.schaufler at intel.com
Wed Feb 19 08:10:49 PST 2014


> -----Original Message-----
> From: Lennart Poettering [mailto:lennart at poettering.net]
> Sent: Wednesday, February 19, 2014 7:08 AM
> To: Zbigniew Jędrzejewski-Szmek
> Cc: Łukasz Stelmach; Casey Schaufler; Schaufler, Casey; systemd-
> devel at lists.freedesktop.org
> Subject: Re: [systemd-devel] [PATCH v2 1/2] Smack - relabel directories and
> files created by systemd
> 
> On Wed, 19.02.14 16:05, Zbigniew Jędrzejewski-Szmek (zbyszek at in.waw.pl)
> wrote:
> 
> >
> > On Wed, Feb 19, 2014 at 03:44:32PM +0100, Łukasz Stelmach wrote:
> > > How to have support for more than one security fw reasonably
> > > compiled in? (I think this is the moment to create the pattern).
> > Why not? It would be rather constraining for a distribution which
> > wants to support more than one. systemd should just perform the steps
> > necessary for all compiled frameworks compiled in, silently ignoring
> > failures coming from missing frameworks.
> 
> Yes, I agree fully with Zbigniew. A distribution like Debian is likely to enable
> support for AppArmor, SMACK and SELinux in systemd, all at the same time.
> That doesn't mean that all three will be active together during runtime, as the
> kernel doesn't support that,

Yet. There is work in progress to enable multiple concurrent
security modules. At the current pace of development 2015
is the best guess for landing.

> however the binary we build should support all
> three, and what is used is decided at runtime at the discretion of the admin.
> 
> Lennart
> 
> --
> Lennart Poettering, Red Hat


More information about the systemd-devel mailing list