I want to turn on a part of the kernel to make SELinux checking more stringent.

"Jóhann B. Guðmundsson" johannbg at gmail.com
Fri Jan 24 15:45:43 UTC 2014


On 01/24/2014 03:44 PM, Zbigniew Jędrzejewski-Szmek wrote:
> On Fri, Jan 24, 2014 at 10:22:56AM -0500, Daniel J Walsh wrote:
>> ExecStart=/bin/sh -c '/bin/echo $CHECKREQPROT > /sys/fs/selinux/checkreqprot'
> ExecStart=/bin/sh -c '/bin/echo ${CHECKREQPROT} > /sys/fs/selinux/checkreqprot'
>
> I think we really need an echo command with sudo syntax. I keep a local
> script which does that, called "fecho". The syntax is 'fecho [-a] arg... file',
> where -a means append. Maybe something like this could be added to util-linux
> or somewhere.
>
> Zbyszek

When we started the migration of units, using "ExecStart=/bin/sh -c" was 
generally frown upon since unit files aren't shell scripts and weren't 
supposed to be used as such, has this changed?

JBG


More information about the devel mailing list