-----BEGIN PGP SIGNED MESSAGE-----
On 08/24/2010 03:39 PM, Lennart Poettering wrote:
On Tue, 24.08.10 09:44, Daniel J Walsh (dwalsh(a)redhat.com) wrote:
> I would add security things.
> Starting a service sends audit messages from the proper loginuid.
> I am sure Steve Grub has lots of concerns here also.
This is not fair!
Upstart never did this. We do this now in systemd, as the first init
system on Linux at all.
I agree, but no apps (very few) ever changed to upstart activation. I
would not put this as a stop ship but I think it should be tested.
Acknowledge this as a new feature. Don't make this a release
> Restarting or starting a service ends up transitioning to the proper
> domain (Might be an SELinux domain.) directories, sock_files created by
> systemd end up with the proper context and confined domains see the
> remote socket as the proper label not, init_t. For example if I setup
> mysql to be autostarted by systemd then when apache connects to the
> /var/run/mysql/socket it sees this socket labeled mysqld_var_run_t and
> the remote end as mysqld_t.
With the latest patches we merged this should in theory all be fixed,
right? Or is there anything still left to do in this area?
Yes I am just suggesting that both should be tested. As far as I am
concerned they should work now.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----