Le vendredi 14 février 2014 à 14:05 +0100, Michael Scherer a écrit :
> Le vendredi 14 février 2014 à 12:31 +0100, Lennart Poettering a écrit :
> > On Fri, 14.02.14 12:21, Michael Scherer (m...@zarb.org) wrote:
> > > SD_BUS_PROPERTY("SELinuxContext", "s", NULL,
> > > offsetof(ExecContext, selinux_context), SD_BUS_VTABLE_PROPERTY_CONST),
> > > + SD_BUS_PROPERTY("AppArmorProfile", "s", NULL,
> > > offsetof(ExecContext, apparmor_profile),
> > > SD_BUS_VTABLE_PROPERTY_CONST),
> >
> > Hmm, so thinking about this, we should normalize both these options and
> > turn the "s" signature into "(bs)", i.e. a structure made of a bool and
> > the label, where the bool inidcates whether a non-existing label shall
> > be ignored or not. We have the same split up when serializing exec
> > commands, and we should do that here too...
>
> So, you want a 2nd property SELinuxcontextIgnore/AppArmorProfileIgnore
> that would be True when SELinuxContext/AppArmorProfile is prefixed by
> '-', or also when SELinux/AppArmor is disabled ?
Mhh no,
you want 1 single property, but with a struct rather than 1 string,
forget about that, I misread.
--
Michael Scherer
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
