Re: [systemd-devel] SELinux labels on unix sockets

n() stuff should stay, and the setfscreatecon() stuff should *probably* go. -- 02DFF788 4D30 903A 1CF3 B756 FB48 1514 3148 83A2 02DF F788 http://keys.gnupg.net/pks/lookup?op=vindex&search=0x314883A202DFF788 Dominick Grift pgpuyk4nWBLag.pgp Description: PGP signature ___

Re: [systemd-devel] SELinux labels on unix sockets

On Wed, Mar 25, 2015 at 10:31:41PM +0100, Dominick Grift wrote: > For the sock *file*, i would argue, that indeed the "setfscreatecon" is not > strictly needed, and that the labeling for this can be taken care of by using > type transition rules in the security policy as sugge

Re: [systemd-devel] systemd-nspawn trouble

.net/pks/lookup?op=vindex&search=0x314883A202DFF788 Dominick Grift pgpNEepiniQub.pgp Description: PGP signature ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] systemd-nspawn trouble

ould be, mostly, transparent to applications and services. -- 02DFF788 4D30 903A 1CF3 B756 FB48 1514 3148 83A2 02DF F788 http://keys.gnupg.net/pks/lookup?op=vindex&search=0x314883A202DFF788 Dominick Grift pgpbPvtZbgCoo.pgp Description: PGP signature ___

Re: [systemd-devel] [HEADSUP] nspawn/networkd: moving from iptables to nftables

_%28NAT%29 -- 02DFF788 4D30 903A 1CF3 B756 FB48 1514 3148 83A2 02DF F788 http://keys.gnupg.net/pks/lookup?op=vindex&search=0x314883A202DFF788 Dominick Grift pgp7lkZAcaafY.pgp Description: PGP signature ___ systemd-devel mailing list

[systemd-devel] [PATCH] selinux: fix missing SELinux unit access check

Development has moved to github.com/systemd It is probably better to submit a Github Push Request there if you have not done so already. Thanks -- 02DFF788 4D30 903A 1CF3 B756 FB48 1514 3148 83A2 02DF F788 http://keys.gnupg.net/pks/lookup?op=vindex&search=0x314883A202DFF788 Dominick G

Re: [systemd-devel] [HEADSUP] systemd-222 around the corner

3148 83A2 02DF F788 http://keys.gnupg.net/pks/lookup?op=vindex&search=0x314883A202DFF788 Dominick Grift pgpFIFO8nUgqE.pgp Description: PGP signature ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.or

Re: [systemd-devel] [HEADSUP] systemd-222 around the corner

On Tue, Jul 07, 2015 at 09:56:45AM +0100, Richard Maw wrote: > On Tue, Jul 07, 2015 at 09:25:21AM +0300, Andrei Borzenkov wrote: > > On Tue, Jul 7, 2015 at 9:02 AM, Dominick Grift > > wrote: > > > Would be nice if anyone could at least confirm or deny this issue that

Re: [systemd-devel] grant users access to certain services only

stop status }; -- 02DFF788 4D30 903A 1CF3 B756 FB48 1514 3148 83A2 02DF F788 http://keys.gnupg.net/pks/lookup?op=vindex&search=0x314883A202DFF788 Dominick Grift ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org

Re: [systemd-devel] grant users access to certain services only

83A2 02DF F788 http://keys.gnupg.net/pks/lookup?op=vindex&search=0x314883A202DFF788 Dominick Grift ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] grant users access to certain services only

F3 B756 FB48 1514 3148 83A2 02DF F788 http://keys.gnupg.net/pks/lookup?op=vindex&search=0x314883A202DFF788 Dominick Grift pgpNZmfN8MOtq.pgp Description: PGP signature ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] grant users access to certain services only

On Fri, Aug 21, 2015 at 08:25:56PM +1000, Daurnimator wrote: > On 21 August 2015 at 19:57, Dominick Grift wrote: > > i think it kind of sucks that systemctl --user list-units can be used to > > determine who is currently logged in. > > You can see with `loginctl list-user

Re: [systemd-devel] grant users access to certain services only

t/pks/lookup?op=vindex&search=0x314883A202DFF788 Dominick Grift pgplvuCg2ZlLW.pgp Description: PGP signature ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel

Re: [systemd-devel] grant users access to certain services only

On Fri, Aug 21, 2015 at 01:50:31PM +0300, Mantas Mikulėnas wrote: > On Fri, Aug 21, 2015 at 1:43 PM, Dominick Grift > wrote: > > > On Fri, Aug 21, 2015 at 01:38:28PM +0300, Mantas Mikulėnas wrote: > > > > > > > > Do they have access to `cat /proc/self/mo

Re: [systemd-devel] [systemd SELinux] system status permission

== > Ian Pilcher arequip...@gmail.com > "I grew up before Mark Zuckerberg invented friendship" > =====

Re: [systemd-devel] [systemd SELinux] system status permission

On Mon, Oct 07, 2019 at 06:51:57PM +0200, Dominick Grift wrote: > On Mon, Oct 07, 2019 at 11:03:44AM -0500, Ian Pilcher wrote: > > I am hitting this (non-fatal) denial when reloading a service via the > > systemd dbus API: > > > > > type=USER_AVC msg=audit(15

[systemd-devel] systemd-pcrlock Failed to submit super PCR policy

rlock[35974]: Ignoring device path element type=0x01 subtype=0x01 Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Ignoring device path element type=0x02 subtype=0x01 Feb 04 20:00:01 nimbus systemd-pcrlock[35974]: Ignoring device path element type=0x04 subtype=0x08 Feb 04 20:00:01 nimbus systemd-pcr

Re: [systemd-devel] /etc/machine-id has wrong SELinux file context and changes on second boot

nment). > > Do you have an idea how to work around this problem? > > Best, > Holger -- gpg --locate-keys dominick.gr...@defensec.nl (wkd) Key fingerprint = FCD2 3660 5D6B 9D27 7FC6 E0FF DA7E 521F 10F6 4098 Dominick Grift Mastodon: @kcini...@defensec.nl