On Tue, 24.08.10 09:44, Daniel J Walsh (dwalsh(a)redhat.com) wrote:
> I would add security things.
> Starting a service sends audit messages from the proper loginuid.
> I am sure Steve Grubb has lots of concerns here also.

This is not fair!
Upstart never did this. We do this now in systemd, as the first init
system on Linux at all.
Acknowledge this as a new feature. Don't make this a release
requirement.

> Restarting or starting a service ends up transitioning to the proper
> domain (might be an SELinux domain). Directories, sock_files created by
> systemd end up with the proper context and confined domains see the
> remote socket as the proper label, not init_t. For example if I set up
> mysql to be autostarted by systemd then when apache connects to the
> /var/run/mysql/socket it sees this socket labeled mysqld_var_run_t and
> the remote end as mysqld_t.

With the latest patches we merged this should in theory all be fixed,
right? Or is there anything still left to do in this area?
Lennart
--
Lennart Poettering - Red Hat, Inc.