SELinux and systemd integration

Hello all,

Amongst Christian's various other SELinux contributions, over the past
several years Christian has been working on improving the SELinux
integration in systemd.  One of the things that Christian has been
working on is revamping the SELinux permissions that systemd uses for
unitfile operations, both to resolve problems and generally improve
the mapping of permissions to systemd operations.  As this work has
been languishing for several years, I would like to see if we can get
things "unstuck" by proposing two things:

1. I've provided links to the systemd GH PRs below, but I think it
might be helpful if Christian could provide a quick summary of the new
permissions, how they map to systemd operations, and how they map to
the existing SELinux/systemd permissions with a focus on helping
policy developers migrate existing SELinux policies.

2. Given the significance of systemd to modern Linux distributions, I
think it might be a good idea if we selected a SELinux "liaison" for
the systemd project.  This person, or group of people, would work with
the systemd folks to keep the SELinux integration in good working
order, review systemd code as necessary, and help represent the
SELinux project within systemd.

How does that sound to everyone?  If we are in agreement on #2, and
assuming he would be willing to help out, I would like to nominate
Christian as our SELinux liaison to systemd; any objections?  Anyone
else interested in helping out?

For reference, Christian's systemd PRs on GH:
* https://github.com/systemd/systemd/pull/10023
* https://github.com/systemd/systemd/pull/20387

--
paul-moore.com


