[systemd-devel] [PATCH] Add SELinuxContext configuration item
Michael Scherer
misc at zarb.org
Fri Jan 3 13:36:49 PST 2014
On Friday, 3 January 2014 at 18:21 +0100, Zbigniew Jędrzejewski-Szmek
wrote:
> On Fri, Jan 03, 2014 at 11:48:49AM -0500, Daniel J Walsh wrote:
> > >> Should systemd warn users if selinux is not installed, enabled and fail
> > >> or?
> > >
> > > It all depends. Either we are consistent with the other settings (i.e.,
> > > setting a syscall filter will fail if not supported on the kernel), and so
> > > fail, or we decide that selinux is special and we should silently ignore
> > > failure if it cannot be applied.
> > >
> > > I choose the first one for the first patch, but adding a conditional would
> > > be trivial if we decide to silently ignore if the setting cannot be
> > > applied.
> I think the usual style of "-" as the first character of RHS meaning that
> the setting can be ignored should be used.
>
> In general, if selinux=0 is used, or selinux support is not compiled
> in, those options should not result in failure. So the algorithm should
> be: if disabled, ignore, if enabled, and impossible to apply, fail, unless
> "-" was prefixed.
Good idea, I have coded that, I will test and send it later.
--
Michael Scherer
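
The decision rule discussed in this message (disabled: ignore; enabled but impossible to apply: fail, unless the value starts with "-"), written out as an added example that is not code from this thread or from systemd. All names are hypothetical, and fake_apply() with its sample label is a constructed stand-in for the real label-setting call.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names throughout; this is not systemd's code. */
enum ctx_result { CTX_SKIPPED, CTX_APPLIED, CTX_FAILURE_IGNORED, CTX_FATAL };

/* Signature of whatever actually sets the label; returns 0 on success.
 * In a real program this could wrap libselinux's setexeccon(). */
typedef int (*ctx_apply_fn)(const char *context);

/* Constructed stand-in for the kernel: only one label is "loadable". */
static int fake_apply(const char *context) {
    return strcmp(context, "system_u:system_r:httpd_t:s0") == 0 ? 0 : -1;
}

/* rhs is the text after "SELinuxContext=". */
static enum ctx_result handle_selinux_context(const char *rhs, bool selinux_enabled,
                                              ctx_apply_fn apply) {
    bool ignore_failure;

    /* selinux=0 or support not compiled in: never a failure. */
    if (!selinux_enabled)
        return CTX_SKIPPED;

    /* A leading "-" marks the setting as ignorable; strip it. */
    ignore_failure = (rhs[0] == '-');
    if (ignore_failure)
        rhs++;

    /* Assumption of this sketch: an empty label counts as "impossible to apply". */
    if (rhs[0] != '\0' && apply(rhs) == 0)
        return CTX_APPLIED;

    return ignore_failure ? CTX_FAILURE_IGNORED : CTX_FATAL;
}

int main(void) {
    const char *samples[] = { "system_u:system_r:httpd_t:s0", "bogus_t", "-bogus_t" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-32s -> %d\n", samples[i],
               handle_selinux_context(samples[i], true, fake_apply));
    return 0;
}
```

CTX_FATAL is the case where the unit must not start: running the service under whatever label it would otherwise inherit would silently drop the confinement the administrator asked for.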