On 13/12/16 20:02, Przemek Klosowski wrote:
> On 12/13/2016 02:51 PM, Lennart Poettering wrote:
>> Yeah, this is really what it boils down to: the goal with the systemd
>> directives is to make things easy to grok and easy to change. I can
>> probably explain to most Linux admins who have administered a current
>> Fedora in 5min what ProtectSystem=strict and
>> ReadWritePaths=/var/lib/myservice does, and why it's a good thing. And
>
> One thing that SELinux does right is auditing---access violations are
> logged, so that there are no silent mysterious failures (well, mumble,
> mumble, maybe sometimes, you know what I mean). Also, SELinux allows
> debugging in the permissive mode that just logs without actually
> blocking access. What happens after systemd directives result in denials?

There speaks the person that has never had something blocked by a
noaudit rule in the selinux policy...
Tom
--
Tom Hughes (tom@xxxxxxxxxx)
http://compton.nu/
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx