[systemd-devel] SELinux code in method_{disable, enable}_unit_files_generic() functions
Laurent Bigonville
bigon at debian.org
Tue Nov 4 00:17:12 PST 2014
Hello,
After looking a bit around the code, I've two questions about the
SELinux code in method_{disable,enable}_unit_files_generic() functions.
In method_enable_unit_files_generic(),
mac_selinux_unit_access_check_strv() is used to check the SELinux
permissions while in method_disable_unit_files_generic(),
mac_selinux_access_check() is used.
Shouldn't it be mac_selinux_unit_access_check_strv() in both cases as
it applies to units and that you can have a list of them?
Also, I'm a bit puzzled by the fact that you pass the "disable" verb to
the method_enable_unit_files_generic() function in the case of
masking/unmasking a service (and the opposite is also true with the
disable function).
Am I missing something here? Or should a bug be opened?
Cheers,
Laurent Bigonville
PS: I'm putting Daniel in CC
More information about the systemd-devel
mailing list