-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 08/24/2010 03:39 PM, Lennart Poettering wrote: > On Tue, 24.08.10 09:44, Daniel J Walsh (dwalsh@xxxxxxxxxx) wrote: > >> I would add security things. >> >> Starting a service sends audit messages from the proper loginuid. >> I am sure Steve Grub has lots of concerns here also. > > This is not fair! > > Upstart never did this. We do this now in systemd, as the first init > system on Linux at all. > I agree, but no apps (very few) ever changed to upstart activation. I would not put this as a stop ship but I think it should be tested. > Acknowledge this as a new feature. Don't make this a release > requirement. > >> Restarting or starting a service ends up transitioning to the proper >> domain (Might be an SELinux domain.) directories, sock_files created by >> systemd end up with the proper context and confined domains see the >> remote socket as the proper label not, init_t. For example if I setup >> mysql to be autostarted by systemd then when apache connects to the >> /var/run/mysql/socket it sees this socket labeled mysqld_var_run_t and >> the remote end as mysqld_t. > > With the latest patches we merged this should in theory all be fixed, > right? Or is there anything still left to do in this area? > > Lennart > Yes I am just suggesting that both should be tested. As far as I am concerned they should work now. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/ iEYEARECAAYFAkx0gPMACgkQrlYvE4MpobOzQgCg34tuQ9YTlfbZwOJRz05EZyfA 4qkAnRUkQHkcsuGYkWXihToMzIlOWhQJ =Ks1i -----END PGP SIGNATURE----- -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
