Yes is is very specific to Smack. Yes this has been tested here.
It is not included as a policy file when the image is built if Smack is not enabled.. So will not affect anyone not using smack. Michael Demeter Staff Security Engineer Open Source Technology Center - SSG Intel Corporation On Oct 14, 2013, at 3:54 PM, Kay Sievers <[email protected]> wrote: > On Mon, Oct 14, 2013 at 11:58 PM, Michael Demeter > <[email protected]> wrote: > >> +KERNEL=="tty[A-Z]*[0-9]|pppox[0-9]*|ircomm[0-9]*|noz[0-9]*|rfcomm[0-9]*", >> +GROUP="dialout", SECLABEL{smack}="*" > > The SECLABEL{} instruction in a separate line? What is that supposed > to do? Have you tested any of this? > > Also, I'm not convinced that this belongs into the upstream repo. This > seems like a very specific policy, similar to the selinux policy, > which does not necessarily belong into systemd. Where is the policy > defined for the apps and other stuff, isn't that the better place? > > Kay
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ systemd-devel mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/systemd-devel
