On Monday 30 December 2013 at 03:14 -0600, David Timothy Strauss wrote:
> On Sat, Dec 28, 2013 at 10:47 AM, Michael Scherer <m...@zarb.org> wrote:
> > So using templated units, we could do for example:
> > SELinuxContext=staff_u:staff_r:%s_t:s0-s0:c0.c1023
>
> In the spirit of making isolation easy, it would be neat to have a
> built-in convention for selinux isolation in systemd where the full
> service/unit name has a default context name, constructed much like
> the quoted example, that the admin or packager can use simply by
> turning isolation on (SELinux=true).
>
> We would love to use SELinuxContext= or SELinux= for our needs at Pantheon.

Using SELinux=true is a bit weird when it comes to the naming, because
SELinux=false wouldn't disable selinux, it would just let the current
policy do the transition, that's a bit misleading. I am not sure of the
value of having 2 configuration files doing the same thing.

What about SELinuxContext=auto, and so replace auto by some default
configuration in that case?

--
Michael Scherer

_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel