Hello all, Amongst Christian's various other SELinux contributions, over the past several years Christian has been working on improving the SELinux integration in systemd. One of the things that Christian has been working on is revamping the SELinux permissions that systemd uses for unitfile operations, both to resolve problems and generally improve the mapping of permissions to systemd operations. As this work has been languishing for several years, I would like to see if we can get things "unstuck" by proposing two things: 1. I've provided links to the systemd GH PRs below, but I think it might be helpful if Christian could provide a quick summary of the new permissions, how they map to systemd operations, and how they map to the existing SELinux/systemd permissions with a focus on helping policy developers migrate existing SELinux policies. 2. Given the significance of systemd to modern Linux distributions, I think it might be a good idea if we selected a SELinux "liaison" for the systemd project. This person, or group of people, would work with the systemd folks to keep the SELinux integration in good working order, review systemd code as necessary, and help represent the SELinux project within systemd. How does that sound to everyone? If we are in agreement on #2, and assuming he would be willing to help out, I would like to nominate Christian as our SELinux liaison to systemd; any objections? Anyone else interested in helping out? For reference, Christian's systemd PRs on GH: * https://github.com/systemd/systemd/pull/10023 * https://github.com/systemd/systemd/pull/20387 -- paul-moore.com
