On Tue, Dec 13, 2016 at 10:42:08AM -0800, Japheth Cleaver wrote:
>>For a less-effort version, we could update
>>https://fedoraproject.org/wiki/Packaging:Systemd and have an (internal)
>>marketing campaign asking people to update their packages (as
>>suggested, ideally upstream).
>
>I'd much rather that effort be put into good SELinux policy
>evangelization, documentation, and perhaps additional
>admin-controllable booleans.

That takes a lot more specific SELinux expertise — I don't think it's
likely that the packager of everything that has a .service file in
Fedora has the SELinux knowledge to do that, while adding these
restrictions is much more straightforward.

(I mean, if you or anyone else want to help with that *too*, awesome.)
--
Matthew Miller
<mattdm(a)fedoraproject.org>
Fedora Project Leader