> -Original Message-
> From: Kay Sievers [mailto:[email protected]]
> Sent: Tuesday, October 30, 2012 4:51 PM
> To: Schaufler, Casey
> Cc: Lennart Poettering; [email protected]
> Subject: Re: [systemd-devel] [PATCH] SMACK: Add configuration options.
> (v3)
>
> On Wed, Oct 31,
On Wed, Oct 31, 2012 at 12:30 AM, Schaufler, Casey
wrote:
>> Given that SMACK and SELinux have their own file systems /sys/fs/smack
>> and /sys/fs/selinux sounds like the right choice. And AppArmor uses
>> securityfs, hence /sys/kernel/security/apparmor is their root of the
>> tree.
>>
>> I hope
> -Original Message-
> From: Lennart Poettering [mailto:[email protected]]
> Sent: Tuesday, October 30, 2012 4:12 PM
> To: Schaufler, Casey
> Cc: Kok, Auke-jan H; [email protected]
> Subject: Re: [PATCH] SMACK: Add configuration options. (v3)
>
> On Tue, 30.10.12 23:
On Wed, Oct 31, 2012 at 12:04 AM, Schaufler, Casey
wrote:
> I have been advocating standardization of LSM interfaces
> for some time. The apparmor folks put theirs at
> /sys/kernel/security/apparmor. I would hardly say that
> /sys/fs/smack would be better than /sys/kernel/security/smack.
> I plan
On Tue, 30.10.12 23:04, Schaufler, Casey ([email protected]) wrote:
> Yup. That was the convention at the time Smack was introduced.
>
> > That should
> > really be fixed. We moved all the other file systems (selinux, cgroups,
> > ...) below /sys,
>
> No one said boo about Smack at the t
> -Original Message-
> From: Lennart Poettering [mailto:[email protected]]
> Sent: Tuesday, October 30, 2012 3:50 PM
> To: Kok, Auke-jan H
> Cc: Schaufler, Casey; [email protected]
> Subject: Re: [PATCH] SMACK: Add configuration options. (v3)
>
> On Tue, 30.10.12 15:
> -Original Message-
> From: Lennart Poettering [mailto:[email protected]]
> Sent: Tuesday, October 30, 2012 3:47 PM
> To: Schaufler, Casey
> Cc: Kok, Auke-jan H; [email protected]
> Subject: Re: [PATCH] SMACK: Add configuration options. (v3)
>
> On Tue, 30.10.12 22:
On Tue, 30.10.12 15:44, Kok, Auke-jan H ([email protected]) wrote:
>
> On Tue, Oct 30, 2012 at 2:56 PM, Lennart Poettering
> wrote:
> > On Mon, 29.10.12 20:17, Kok, Auke-jan H ([email protected]) wrote:
> >> yes, you can detect it by reading /proc/filesystems and checking for
> >>
On Tue, 30.10.12 22:35, Schaufler, Casey ([email protected]) wrote:
> > Hmm, I think it's a good idea to mount all API VFS that are around,
> > regardless whether the subsystem they are used for is actually really
> > enabled. Isn't there a nicer way how to detect whether a SMACK policy
>
On Tue, Oct 30, 2012 at 2:56 PM, Lennart Poettering
wrote:
> On Mon, 29.10.12 20:17, Kok, Auke-jan H ([email protected]) wrote:
>> yes, you can detect it by reading /proc/filesystems and checking for
>> "smackfs", and
>> if mounted, that it's enabled.
>
> Hmm, I think it's a good idea to mo
> -Original Message-
> From: Lennart Poettering [mailto:[email protected]]
> Sent: Tuesday, October 30, 2012 2:56 PM
> To: Kok, Auke-jan H
> Cc: Schaufler, Casey; [email protected]
> Subject: Re: [PATCH] SMACK: Add configuration options. (v3)
>
> On Mon, 29.10.12 20:
On Mon, 29.10.12 20:17, Kok, Auke-jan H ([email protected]) wrote:
> > I also merged the three items in the man page into one, so that people
> > are hopefully less annoyed about "OMG i am not running my stuff with
> > SMACK OMG why is all this stuff in my systemd OMG systemd is bloated
> >
[Tested in latest gnome-ostree; if accepted, I'll look at a followup
patch which fixes the other dbus_connection_send(reply, ...) calls
besides logind]
DBus messages can have a flag NO_REPLY associated that means "I don't
need a reply". This is for efficiency reasons - for one-off requests
that
On Mon, Oct 29, 2012 at 7:19 PM, Lennart Poettering
wrote:
>> One more thing to add:
>>
>> It looks like /etc/sysconfig/network is still being parsed even though
>> the above link suggests otherwise. Putting HOSTNAME=myhostname in
>> /etc/sysconfig/network sets the default transient hostname. Hmm.
Hello,
On 30/10/12 01:26, Lennart Poettering wrote:
> On Mon, 29.10.12 10:24, Jakob Hetzelein ([email protected]) wrote:
>
> There's actually some docs available about it, try:
>
> systemctl help systemd-suspend.service
I knew the man page before and it is there that I felt the essen
'Twas brillig, and Lennart Poettering at 30/10/12 01:26 did gyre and gimble:
> On Mon, 29.10.12 10:24, Jakob Hetzelein ([email protected]) wrote:
>
>> Dear devs,
>>
>> I appreciate your work and enjoy getting rid of the one or other package
>> which is not necessary anymore since its functional
On Mon, Oct 29, 2012 at 7:38 PM, Lennart Poettering
wrote:
> On Mon, 29.10.12 15:30, Auke Kok ([email protected]) wrote:
>
>> This adds SMACK label configuration options to socket units.
>
> Merged!
>
> But made a couple of changes on the way: I think the new confi options
> should clarify
17 matches
Mail list logo
