[refpolicy] systemd - Christopher J. PeBenito

All of lore.kernel.org
 help / color / mirror / Atom feed

From: cpebenito@tresys.com (Christopher J. PeBenito)
To: refpolicy@oss.tresys.com
Subject: [refpolicy] systemd
Date: Mon, 17 Nov 2014 09:13:32 -0500	[thread overview]
Message-ID: <546A028C.1040206@tresys.com> (raw)
In-Reply-To: <20141116000635.546ed2d1@fornost.bigon.be>

On 11/15/2014 6:06 PM, Laurent Bigonville wrote:
> Le Fri, 31 Oct 2014 10:34:37 -0400,
> "Christopher J. PeBenito" <cpebenito@tresys.com> a ?crit :
> 
>> One big shortcoming that refpolicy has had lately is missing a
>> complete systemd policy.  Since no one has upstreamed the policy,
>> I've decided to start writing one, as the Fedora version cannot be
>> upstreamed with out significant refactoring.
> 
> With systemd as PID1, the system dbus services are not started by the
> udev daemon anymore but by systemd (PID1) itself. That means that ATM,
> the dbus services are not properly transitioned to their own domain and
> run under init_t. What should be done according to you? Modify
> dbus_system_domain() to also allow transition from init_t? Modify all
> the modules to that are using dbus_system_domain() and add
> init_daemon_domain()?

I've been aware of this, but have not come to a conclusion on what the
right way forward is.

-- 
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com

     prev parent reply	other threads:[~2014-11-17 14:13 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-10-31 14:34 [refpolicy] systemd Christopher J. PeBenito
2014-10-31 16:00 ` Dominick Grift
2014-11-03 14:48   ` Christopher J. PeBenito
2014-11-03 15:16     ` Dominick Grift
2014-11-03 15:42       ` Dominick Grift
2014-11-02 12:44 ` Laurent Bigonville
2014-11-02 15:46   ` Dominick Grift
2014-11-03 14:32   ` Christopher J. PeBenito
2014-11-03 21:50     ` Laurent Bigonville
2014-11-04 13:01       ` Christopher J. PeBenito
2014-11-15 23:06 ` Laurent Bigonville
2014-11-17 14:13   ` Christopher J. PeBenito [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=546A028C.1040206@tresys.com \
    --to=cpebenito@tresys.com \
    --cc=refpolicy@oss.tresys.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.