-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/05/2013 12:22 PM, Lennart Poettering wrote:
Ok lets add a check that checks for start on a service labeled with the remote process label, then we can add rules like allow systemd_logind_t self:service start Or we can make it simpler and have the local end check against the init_t process. allow systemd_logind_t init_t:service start; Which is probably a better solution, if we have no way of differentiating the services. Machineid usually runs as init_t now. systemd-run runs as the label of the process that executes it, Usually unconfined_t, and sysadm_t. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlJ5bWEACgkQrlYvE4MpobNx/QCgoiFsPPvYYPMTIf1FhZTWaKpI d9cAn2FFrt9YiivC3yBTktHSQmpnqQS8 =B1I8 -----END PGP SIGNATURE----- _______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel