It was <2014-02-19 śro 20:05>, when Zbigniew Jędrzejewski-Szmek wrote: > On Wed, Feb 19, 2014 at 04:17:15PM +0100, Łukasz Stelmach wrote: >> It was <2014-02-19 śro 16:05>, when Zbigniew Jędrzejewski-Szmek wrote: >> > On Wed, Feb 19, 2014 at 03:44:32PM +0100, Łukasz Stelmach wrote: >> >> How to have support for more than one security fw reasonably >> >> compiled in? (I think this is the moment to create the pattern). >> > Why not? It would be rather constraining for a distribution which wants >> > to support more than one. systemd should just perform the steps necessary >> > for all compiled frameworks compiled in, silently ignoring failures coming >> > from missing frameworks. >>
[...] >> The most robust way for systemd is: >> 1) to check in runtime which frameworks are supported, > We have use_selinux(), use_apparmor(), use_smack(). > >> 2) to attempt an action for every one of them, >> 3) to return an error if ANY of the actions fail. > > In general yes, but different frameworks need hooks in different places. > So we generally insert a call to a function specific to a framework, > and inside this function, a use_*() test is performed, and suitably, > either nothing is done or the setup is performed. If an error happens, > it is up to this function to decide whether silent failure, warning, > or an error are warranted. OK, how about this? https://review.tizen.org/git/?p=platform/upstream/systemd.git;a=commitdiff;h=4879ed0a3b3942ed0188c2b5a5633f22847ebe76;hp=6300b3eca9e5261b73bd7f1bb9735992b127cd80 https://review.tizen.org/git/?p=platform/upstream/systemd.git;a=blob;f=src/shared/label.c;h=89939217e3d9bce011c125b504978571e7b57c22;hb=4879ed0a3b3942ed0188c2b5a5633f22847ebe76 -- Łukasz Stelmach Samsung R&D Institute Poland Samsung Electronics
pgpPxAeTP7PJE.pgp
Description: PGP signature
_______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
