I want to turn on a part of the kernel to make SELinux checking more stringent.

Till Maas opensource at till.name
Sun Jan 26 08:03:45 UTC 2014


On Fri, Jan 24, 2014 at 04:32:54PM +0100, Lennart Poettering wrote:

> Do we really need a service for this? Can't this be done instead via a
> tmpfiles snippet that uses "f" and the extra argument at the end?
> 
> I mean I am not convinced it's worth involving shell here. Also the
> canonical way to write things to /proc or /sys is
> {/etc,/usr/lib/}/sysctl.d/ and {/etc,/usr/lib/}/tmpfiles.d/ if it's
> simple and static. And I don't see why we shouldn't do this differently
> in this case than in all others...

Using tmpfiles.d for this is not very obvious. Who would expect that a
service intended to handle temporary files is used for configuration?
For example the man page says:

| tmpfiles.d — Configuration for creation, deletion and cleaning of
| volatile and temporary files

Regards
Till


More information about the devel mailing list