On 08/06/2015 01:47 PM, Miroslav Grepl wrote: > On 07/31/2015 08:49 PM, Lennart Poettering wrote: >> On Thu, 30.07.15 19:57, Lennart Poettering (mzerqung@xxxxxxxxxxx) wrote: >> >>> Heya! >>> >>> I'd like to ask everybody to test kdbus on Rawhide. Josh thankfully >>> added it to the Rawhide kernel packages, and our systemd RPMs come >>> with built-in support, too now. If you are running an up-to-date >>> Rawhide system adding "kdbus=1" to your kernel command line is hence >>> everything you need to run kdbus instead of dbus-daemon. (No >>> additional RPMs need to be installed.) If you do, things should just >>> work the same way as before, if we did everything right. By adding or >>> dropping "kdbus=1" to/from the command line you can enable kdbus or >>> revert back to dbus1 on each individual boot. >> >> Quick update: >> >> We have released a new version of systemd now with all bugs reported >> here fixed. It's also in Rawhide already, but it might not have hit >> all mirrors yet. To download it directly, please use: >> >> http://koji.fedoraproject.org/koji/buildinfo?buildID=674692 >> >> And please remember to turn selinux at least into permissive mode when >> using this, or even turn it off entirely while testing ("kdbus=1 >> selinux=0" on the kernel command line). > > As you probably know this is not only about a policy fix. We added a > support for /sys/fs/kdbus in the latest rawhide policy builds to avoid > unlabeled_t issues and we can better track all issues related to kdbusfs_t. > > But there is no a good policy fix in this state. It requires LSM/SELinux > support in kernel and without this support it is a completely uncontrolled IPC > mechanism. > > Also some mails about the kdbus development plans and timing would > be helpful. > > Thanks. > > Mirek > >> >> Thanks a lot to everybody who already tested this! >> >> Please test the new version, any feedback much appreciated! >> >> Lennart >> > > -- Miroslav Grepl Senior Software Engineer, SELinux Solutions Red Hat, Inc. -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
