On 05/21/2015 12:53 PM, Dominick Grift wrote: > On Thu, May 21, 2015 at 06:24:41PM +0200, Dominick Grift wrote: >> On Thu, May 21, 2015 at 06:14:22PM +0200, Petr Lautrbach wrote: >>> openssh in Fedora uses "sshd_net_t" type for privilege separated >>> processes in the preauthentication phase. Similarly, openssh portable uses >>> "sftp_t" for internal-sftp processes. Both type are hardcoded what is not ideal. >>> Therefore selinux_openssh_contexts_path() was created to get a path where sshd >>> can get a correct types prepared by a distribution or an administrator. >> >> I requested this feature and i am using this feature in my personal policy. So hereby my ACK for what it is worth. >> >> However: >> >> That SYSTEMD_CONTEXTS though, that must have been a mistake? > > As far as i am concerned this commit should be reverted: > > https://github.com/SELinuxProject/selinux/commit/ce2a8848ad45e375cfdb58cebe28bc12431bb3db > > I just did a grep -ri systemd_contexts in the systemd repository and nothing returned. I also cannot place that commit message. > >> >> I do not believe that this is used or that it is needed/wanted. We can remove it as a separate change, but only if there are no users, even in legacy distributions, as otherwise it would be an ABI break. _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
