Re: [RFC 2/2] refpolicy: add systemd support to tresys main policy.
From: Guido Trentalancia @ 2011-09-19  0:41 UTC
To: Justin P. Mattock; +Cc: refpolicy, selinux, dwalsh

Hi Justin.

Here is the boolean you were looking for (quoted from your patch):

On Sun, 2011-09-18 at 10:29 -0700, Justin P. Mattock wrote:
> diff --git a/policy/modules/system/init.te
> b/policy/modules/system/init.te
> index 5125d1d..6fcc939 100644
> --- a/policy/modules/system/init.te
> +++ b/policy/modules/system/init.te
> @@ -16,6 +16,13 @@ gen_require(`
>  ## </desc>
>  gen_tunable(init_upstart, false)
>  
> +## <desc>
> +## <p>
> +## Enable support for systemd as the init program.
> +## </p>
> +## </desc>
> +gen_tunable(init_systemd, false) 
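
Review bot: The added "gen_tunable(init_systemd, false)" line ends with a trailing space, which should be dropped. The new tunable is also declared directly beside "init_upstart" as an independent boolean, so nothing visible here stops both from being switched on together; if the two are meant to be mutually exclusive, the <desc> text is the place to say so, along with the fact that the tunable defaults to off.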

But please note it's disabled (false) by default. So you do need to make
sure it is enabled after having installed and loaded the policy, do not
forget:

setsebool -P init_systemd=on

After such boolean has been enabled, then all policy blocks that begin
with:

+       tunable_policy(`init_systemd',`

will eventually get included in the policy. Those are supposedly all
essential permissions needed to successfully run a system using systemd.

If you managed to create a patch which applies and compiles cleanly,
perhaps most of the job is done and you might only need to fine tune it.

Regards,

Guido
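
An added illustration of the point made in this message (not part of the original e-mail, the patch, or refpolicy itself): a Python script that scans refpolicy-style `.te` source and reports, for each `gen_tunable` declaration, its default and how many `tunable_policy` blocks are conditional on it. The sample policy text and the function names `audit_tunables` and `off_by_default` are constructed for this example.

```python
import re

# Constructed refpolicy-style source; the allow rules are illustrative only.
SAMPLE_TE = """\
gen_tunable(init_upstart, false)
gen_tunable(init_systemd, false)

tunable_policy(`init_systemd',`
    allow init_t self:capability sys_admin;
')

tunable_policy(`init_systemd',`
    allow init_t self:process setfscreate;
',`
    allow init_t self:process getsched;
')

tunable_policy(`init_upstart',`
    allow init_t self:capability sys_nice;
')
"""

GEN_TUNABLE = re.compile(r"gen_tunable\(\s*`?(\w+)'?\s*,\s*(true|false)\s*\)")
TUNABLE_POLICY = re.compile(r"tunable_policy\(\s*`([^']*)'")
IDENT = re.compile(r"[A-Za-z_]\w*")

def audit_tunables(te_source):
    """Return (defaults, block counts, undeclared names) for one .te source."""
    src = re.sub(r"#.*", "", te_source)  # drop comments, incl. ## <desc> docs
    defaults = {n: v == "true" for n, v in GEN_TUNABLE.findall(src)}
    blocks = dict.fromkeys(defaults, 0)
    undeclared = set()
    for cond in TUNABLE_POLICY.findall(src):
        # A condition may combine several booleans, e.g. `a && !b'.
        for name in set(IDENT.findall(cond)):
            if name in blocks:
                blocks[name] += 1
            else:
                undeclared.add(name)  # declared in another module, or a typo
    return defaults, blocks, undeclared

def off_by_default(te_source):
    """Tunables that default to false yet have blocks conditional on them."""
    defaults, blocks, _ = audit_tunables(te_source)
    return sorted(n for n, on in defaults.items() if not on and blocks[n])

if __name__ == "__main__":
    for name in off_by_default(SAMPLE_TE):
        print(f"{name}: off by default, check with getsebool {name}")
```

A block counted here may also carry an else branch, which is the part that applies while the boolean is off.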



