[systemd-devel] [PATCH] Add SELinuxContext configuration item
"Jóhann B. Guðmundsson"
johannbg at gmail.com
Thu Jan 2 16:58:04 PST 2014
On 12/28/2013 01:30 PM, Lennart Poettering wrote:
> On Fri, 27.12.13 23:26, misc at zarb.org (misc at zarb.org) wrote:
>
>> From: Michael Scherer <misc at zarb.org>
>>
>> This permits system administrators to decide the domain of a service.
>> This can be used with templated units to have each service in a different
>> domain (for example, a per customer database, using MLS or anything),
>> or can be used to force a non selinux enabled system (jvm, erlang, etc)
>> to start in a different domain for each service.
> Hmm, so far (as I understood it) the SELinux guys always wanted to make
> sure that label configuration stays in the selinux database and
> nowhere else.
Right, and if you add this you need to add something for the other
security solutions as well (apparmor etc.).
This introduces yet another place for administrators to look at while
debugging problems, so the question to ask here is:
is adding this ability to unit files the right way to solve what's
trying to be solved here?
JBG