-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 11/05/2013 11:12 PM, Daniel J Walsh wrote: > On 11/05/2013 12:22 PM, Lennart Poettering wrote: > > Ok lets add a check that checks for start on a service labeled with the remote > process label, then we can add rules like > > allow systemd_logind_t self:service start > > Or we can make it simpler and have the local end check against the init_t > process. > > allow systemd_logind_t init_t:service start; > > Which is probably a better solution, if we have no way of differentiating the > services. > > Machineid usually runs as init_t now. > > systemd-run runs as the label of the process that executes it, Usually > unconfined_t, and sysadm_t. >
has any solution been found for this? seems like one is needed for https://bugzilla.redhat.com/show_bug.cgi?id=1008864 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJShQ19AAoJEANOs3ABTfJwqLQQAMCwlsVui5GxrAIgm1pnRYy0 1vBZRJombQ93cYr5RbXcQzo9raGwD9C/TOA6PXJNyIKoxCh5unCMGdUB1pwR6y57 o1Uql1V1wVXPKqlsDsRdiKi14Qdz6e2CBqNQ1Gn1wx1JPvKPVy52iIMWjnFUCTzM FzKoX+CJlbR77tOgn24WxhP+Zll4QFqBAAwgptKBCyZf8lyHgsgTSgS7KDKAr/Jr v9BumGS9210fEHSQBJdkoaoYnMZOHPpaDxSDjZ76AqBw0MOksQsiamCRr20gbWnQ a8wvguQzTXhjKLeM0rX9x5hwrCI2Q4YL+VMsr5I1GPfR5GBIldmPhe8V4SYrJQY4 zDa+pHc1ubsuv/b4c9mHS/4Wl6IY8Nz6AVIAjvM0wR6cKJ+Ip09bEEeyIFWk7oRa RxNnFLwnUW4yweGCq4HlVv8r+SLpXIFkW9HkG1tr1UswB/jEC13wXW8WLfemGhuk XjMus/oMdQkd79wPvlfKF9JT4xTtx0u613kDEc/A6uEEoR4dwIeuLFf1Lss+zydg okLbsc8pLEFzXj1JKMut3DMEuhZss+WhLslGFEPKPpsAbHMEf42gJjuvMFb9aRTW V1qNW9adpMbqYC4MEzEV9SD4rwfDk1RQPW8iNEfm4XINcF1X2HK7+DGvCgVVeK8d tSM5P0ZhmXwimbrU63EH =IedG -----END PGP SIGNATURE----- _______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel