On 11/18/2014 2:20 PM, Dominick Grift wrote:
>>
>> class init_service
>> {
>> start
>> stop
>> status
>> }
>>
>
> I cannot really substantiate but it look like these are also used to start/stop/get status of systemd (session) daemons, so i suppose start_init, stop_init, get_status_init
>
> I suspect this is mainly for starting the systemd session daemons. Logind uses these i believe.
>
> so to start a systemd session daemon: allow ARG init_t:init start_init; or something maybe?
Why would those daemons need to be treated specially? In the end
they're still services; they may have special system features, but in
that case you don't allow just anyone to stop/start them.
--
Chris PeBenito
Tresys Technology, LLC
www.tresys.com | oss.tresys.com
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
