[systemd-devel] [PATCH v2 1/2] Smack - relabel directories and files created by systemd

Greg KH gregkh at linuxfoundation.org
Wed Feb 19 08:17:09 PST 2014


On Wed, Feb 19, 2014 at 04:10:49PM +0000, Schaufler, Casey wrote:
> > -----Original Message-----
> > From: Lennart Poettering [mailto:lennart at poettering.net]
> > Sent: Wednesday, February 19, 2014 7:08 AM
> > To: Zbigniew Jędrzejewski-Szmek
> > Cc: Łukasz Stelmach; Casey Schaufler; Schaufler, Casey; systemd-
> > devel at lists.freedesktop.org
> > Subject: Re: [systemd-devel] [PATCH v2 1/2] Smack - relabel directories and
> > files created by systemd
> > 
> > On Wed, 19.02.14 16:05, Zbigniew Jędrzejewski-Szmek (zbyszek at in.waw.pl)
> > wrote:
> > 
> > >
> > > On Wed, Feb 19, 2014 at 03:44:32PM +0100, Łukasz Stelmach wrote:
> > > > How to have support for more than one security fw reasonably
> > > > compiled in? (I think this is the moment to create the pattern).
> > > Why not? It would be rather constraining for a distribution which
> > > wants to support more than one. systemd should just perform the steps
> > > necessary for all compiled frameworks compiled in, silently ignoring
> > > failures coming from missing frameworks.
> > 
> > Yes, I agree fully with Zbigniew. A distribution like Debian is likely to enable
> > support for AppArmor, SMACK and SELinux in systemd, all at the same time.
> > That doesn't mean that all three will be active together during runtime, as the
> > kernel doesn't support that,
> 
> Yet. There is work in progress to enable multiple concurrent
> security modules. At the current pace of development 2015
> is the best guess for landing.

We've been hearing that for how many decades now?  :)

I'm not holding my breath...

greg k-h


More information about the systemd-devel mailing list