On 04/07/2015 07:02 PM, Zbigniew Jędrzejewski-Szmek wrote:
On Tue, Apr 07, 2015 at 12:36:31PM -0400, Rahul Sundaram wrote:
Perhaps packaging guidelines should recommend running this command or it
should be part of the macro that packages include that logs warnings when
unit files has any of
Hello,
We started work on a tool dedicated to check systemd unit files.
Its main purpose will be to parse all or a subset of them, look for
common errors, suboptimal designs.
It will also check single unit file separately or sets of them
referencing one another (for example cycles).
We need
When dbus client connects to systemd-bus-proxyd through
Unix domain socket proxy takes client's smack label and sets for itself.
It is done before and independent of dropping privileges.
The reason of such soluton is fact that tests of access rights
performed by lsm may take place inside kernel,
Hello
Could you take a look at my patch?
Regards
Przemyslaw Kedzierski
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
When dbus client connects to systemd-bus-proxyd through
Unix domain socket proxy takes client's smack label and sets for itself.
It is done before and independent of dropping privileges.
The reason of such soluton is fact that tests of access rights
performed by lsm may take place inside kernel,
')
it can be achieved by addition
Capabilities=cap_mac_admin=i and SecureBits=keep-caps
to user@.service file
and setting cap_mac_admin+ei on bus-proxyd binary.
Signed-off-by: Przemyslaw Kedzierski p.kedzier...@samsung.com
---
src/bus-proxyd/bus-proxyd.c | 16
src/shared
: I5a2c77348d4d293dd3707e82349cf624ddaf744a
Signed-off-by: Przemyslaw Kedzierski p.kedzier...@samsung.com
---
man/systemd-bus-proxyd.xml | 9 +
src/bus-proxyd/bus-proxyd.c | 37 +
src/shared/capability.c | 18 ++
src/shared/capability.h | 2 ++
src/shared/smack
