Re: [systemd-devel] capabilities for systemd --user

2022-07-13 Thread Lukasz Stelmach
It was <2022-07-04 pon 11:00>, when Lennart Poettering wrote: > On Mo, 27.06.22 23:36, Lukasz Stelmach (l.stelm...@samsung.com) wrote: > >> Hi, >> >> I need an apparently exotic configuration and I don't know how to >> approach the problem. Here are the requirements: >> >> - user@1234.service (syst

Re: [systemd-devel] capabilities for systemd --user

2022-07-04 Thread Lennart Poettering
On Mo, 27.06.22 23:36, Lukasz Stelmach (l.stelm...@samsung.com) wrote: > Hi, > > I need an apparently exotic configuration and I don't know how to > approach the problem. Here are the requirements: > > - user@1234.service (systemd --user) > + runs with Priv SMACK label (SmackProcessLabel in user

Re: [systemd-devel] capabilities for systemd --user

2022-06-28 Thread Lukasz Stelmach
It was <2022-06-27 pon 23:36>, when Lukasz Stelmach wrote: [...] > - children DO NOT inherit capabilities from systemd --user (they do now) > > This last is a problem because I'd like to avoid modifications of all > service files. I tried to drop inheritable caps before execve() (in > exec_child()

[systemd-devel] capabilities for systemd --user

2022-06-27 Thread Lukasz Stelmach
Hi, I need an apparently exotic configuration and I don't know how to approach the problem. Here are the requirements: - user@1234.service (systemd --user) + runs with Priv SMACK label (SmackProcessLabel in user@.service) + has cap_mac_admin (and a few other capabilities) to assign SMACK