On 12/28/2013 01:30 PM, Lennart Poettering wrote:
On Fri, 27.12.13 23:26,m...@zarb.org (m...@zarb.org) wrote:
>From: Michael Scherer<m...@zarb.org>
>
>This permit to let system administrators decide of the domain of a service.
>This can be used with templated units to have each service in a différent
>domain ( for example, a per customer database, using MLS or anything ),
>or can be used to force a non selinux enabled system (jvm, erlang, etc)
>to start in a different domain for each service.
Hmm, so far (as I understood it) the SELinux guys always wanted to make
sure that label configuration stays in the the selinux database and
nowhere else.
Right and if you add this you need to add something for the other
security solutions as well ( apparmor etc ).
This introduces yet another place for administrators to look at while
debugging problems so the question to ask here is.
Is adding this ability to unit files the right way to solve what's
trying to be solved here?
JBG
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
