[HEADS-UP] systemd for F14 - the next steps

Lennart Poettering mzerqung at 0pointer.de
Wed Jul 14 18:19:19 UTC 2010


On Wed, 14.07.10 13:47, Daniel J Walsh (dwalsh at redhat.com) wrote:

> > Hardcoding foo_t is bad if they ever switch policy (MLS, etc.). But
> > it is an option.
> > 
> > Bill
> Not sure this works, but this would be preferable.
> ExecStartPre=-"/bin/mkdir -p /var/run/foo; restorecon /var/run/foo"

Yes this would work, though in a different syntax:

  ExecStartPre=-/bin/mkdir -p /var/run/foo ; -/sbin/restorecon /var/run/foo

(The initial - btw means that the exit code of the command is ignored)

> But I can write policy to make the tools and apps do the right thing and
> label the directory correctly, with no hard coding.
> 
> myapp_t creating a directory in var_run_t will be labeled
> myapp_var_run_t.  I would just need to go through all the policy that
> uses var_run_t directories and make sure it has this rule.

Hmm, if you would be willing to do that, then it would be great to find
somebody who fixes the .specs and makes a list of packages whose selinux
policy needs fixing. Anyone? Rahul, you showed vague interest on IRC?

Lennart

-- 
Lennart Poettering - Red Hat, Inc.
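
To show the syntax from the message in context, here is a complete unit file as an added example; it is not from the original mail or from systemd's own documentation. The service name "foo", the daemon binary /usr/sbin/food and its pidfile path are placeholders. The point it illustrates is the one Lennart makes: systemd does not run Exec*= lines through a shell, so the quoted form from Dan's mail would be treated as a single program name, whereas the semicolon passed as its own word separates two commands, each of which may carry its own "-" prefix.

```ini
# /etc/systemd/system/foo.service  (added example; "foo", "food" and the
# paths below are placeholders, not names from the original thread)
[Unit]
Description=Example daemon that needs a correctly labelled /var/run/foo

[Service]
Type=simple
# No shell is involved, so a quoted "/bin/mkdir ...; restorecon ..." would
# be looked up as one executable and fail.  Separate the commands with
# " ; " (the semicolon as a word of its own) and prefix each with "-" so
# that a non-zero exit status does not abort the start-up.  restorecon
# relabels the directory from the policy's file contexts instead of
# hardcoding a type into the unit.
ExecStartPre=-/bin/mkdir -p /var/run/foo ; -/sbin/restorecon /var/run/foo
ExecStart=/usr/sbin/food --pidfile /var/run/foo/food.pid

[Install]
WantedBy=multi-user.target
```

With a current systemd, `systemd-analyze verify foo.service` checks that the Exec lines parse and that each referenced binary exists; after a start, `ls -Zd /var/run/foo` should show the same context that `matchpathcon /var/run/foo` reports, which is exactly what restorecon enforces and what a type-transition rule in the policy would make unnecessary.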

