On Thu, May 21, 2015 at 02:02:10PM -0400, Stephen Smalley wrote: > On 05/21/2015 12:53 PM, Dominick Grift wrote: > > On Thu, May 21, 2015 at 06:24:41PM +0200, Dominick Grift wrote: > >> On Thu, May 21, 2015 at 06:14:22PM +0200, Petr Lautrbach wrote: > >>> openssh in Fedora uses "sshd_net_t" type for privilege separated > >>> processes in the preauthentication phase. Similarly, openssh portable uses > >>> "sftp_t" for internal-sftp processes. Both type are hardcoded what is not ideal. > >>> Therefore selinux_openssh_contexts_path() was created to get a path where sshd > >>> can get a correct types prepared by a distribution or an administrator. > >> > >> I requested this feature and i am using this feature in my personal policy. So hereby my ACK for what it is worth. > >> > >> However: > >> > >> That SYSTEMD_CONTEXTS though, that must have been a mistake? > > > > As far as i am concerned this commit should be reverted: > > > > https://github.com/SELinuxProject/selinux/commit/ce2a8848ad45e375cfdb58cebe28bc12431bb3db > > > > I just did a grep -ri systemd_contexts in the systemd repository and nothing returned. I also cannot place that commit message. > > > >> > >> I do not believe that this is used or that it is needed/wanted. > > We can remove it as a separate change, but only if there are no users, > even in legacy distributions, as otherwise it would be an ABI break. > > I do not believe this was ever used. Am i right, Dan? -- 02DFF788 4D30 903A 1CF3 B756 FB48 1514 3148 83A2 02DF F788 http://keys.gnupg.net/pks/lookup?op=vindex&search=0x314883A202DFF788 Dominick Grift
Attachment:
pgp4s9D7fZCMM.pgp
Description: PGP signature
_______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
