[systemd-devel] [PATCH] Add SELinuxContext configuration item
Daniel J Walsh
dwalsh at redhat.com
Mon Jan 6 05:35:18 PST 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 01/03/2014 12:35 PM, Michael Scherer wrote:
> Le vendredi 03 janvier 2014 à 11:48 -0500, Daniel J Walsh a écrit :
>> On 01/03/2014 09:16 AM, Michael Scherer wrote:
>
>> Well thinking about this again, I think still to the single label. Lets
>> not break the field up into multiple labels.
>>
>> And not make it SELinux specific. Maybe the field could be
>> SecurityLabel:
>>
>> That would allow smack to also use the field and any other LSM that used
>> a labeling system.
>
> I fail to follow you. The current code use setexecon, and this is quite
> selinux specific. What would be the equivalent for apparmor, for smack and
> others ?
>
>
No idea, I only do SELinux...
But as Kay Pointed out, there is some similar code in udev for this.
>
> Udev uses: SECLABEL{selinux}="foo" SECLABEL{smack}="bar"
>
> I think we should be able to distinguish the LSM-module-specific label type
> somehow in the key or value.
>
> Kay
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlLKsRYACgkQrlYvE4MpobOZaACfZTo4JI3dYFhZ9bXKTVkQrQy0
nB4AoLS6FYmmiasReuREK+oedjWn/jI5
=K5oJ
-----END PGP SIGNATURE-----
More information about the systemd-devel
mailing list