[systemd-devel] grant users access to certain services only

Dominick Grift dac.override at gmail.com
Fri Aug 21 01:16:17 PDT 2015


systemd has a built-in extension to the SELinux MAC framework. If that
and SELinux are enabled, then you can use the SELinux framework and the
systemd SELinux extension to configure which services may be controlled
by specified processes at a fine-grained level using mandatory access control.

Use Policykit to allow unprivileged users to manage system services, and
an additional layer of SELinux MAC configuration to narrow that down to
only specified services, by labeling the units and systemctl to specify
which labeled unit a labeled systemctl can control.

allow joe_systemctl_t postgresql_unit_t:service { start stop status };

-- 
02DFF788
4D30 903A 1CF3 B756 FB48  1514 3148 83A2 02DF F788
http://keys.gnupg.net/pks/lookup?op=vindex&search=0x314883A202DFF788
Dominick Grift
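
An added example, not part of the original message: a small audit of allow rules on the `service` class, in the textual form used in the message (the same form `sesearch -A -c service` prints), to confirm that a labeled systemctl domain can control only the intended unit types. The sample policy excerpt is constructed; `httpd_unit_t` and `admin_systemctl_t` are hypothetical names, and only the first rule comes from the message.

```python
import re

# Matches rules in the form shown in the message:
#   allow SRC TGT:service { perms };   or   allow SRC TGT:service perm;
RULE = re.compile(
    r"^\s*allow\s+(\S+)\s+(\S+):service\s+(?:\{([^}]*)\}|(\w+))\s*;"
)

def parse_service_rules(text):
    """Return {(source_domain, unit_type): set(perms)} for class 'service'."""
    rules = {}
    for line in text.splitlines():
        m = RULE.match(line)
        if m:
            src, tgt, many, one = m.groups()
            rules.setdefault((src, tgt), set()).update((many or one).split())
    return rules

def allowed(rules, domain, unit_type, perm):
    """MAC is default-deny: a permission exists only if a rule grants it."""
    return perm in rules.get((domain, unit_type), set())

def unexpected_grants(rules, domain, expected):
    """List grants for `domain` beyond `expected` ({unit_type: set(perms)});
    anything returned widens the delegation past what was intended."""
    extra = []
    for (src, tgt), perms in sorted(rules.items()):
        if src != domain:
            continue
        surplus = perms - expected.get(tgt, set())
        if surplus:
            extra.append((tgt, sorted(surplus)))
    return extra

# Constructed sample policy excerpt; only the first rule is from the message.
SAMPLE = """
allow joe_systemctl_t postgresql_unit_t:service { start stop status };
allow joe_systemctl_t httpd_unit_t:service status;
allow joe_systemctl_t httpd_unit_t:file { read getattr };
allow admin_systemctl_t postgresql_unit_t:service { start stop status reload enable disable };
"""

RULES = parse_service_rules(SAMPLE)
EXPECTED = {"postgresql_unit_t": {"start", "stop", "status"}}

if __name__ == "__main__":
    print(allowed(RULES, "joe_systemctl_t", "postgresql_unit_t", "stop"))
    print(unexpected_grants(RULES, "joe_systemctl_t", EXPECTED))
```
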

