Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp1410741pxb; Thu, 4 Mar 2021 10:33:53 -0800 (PST) X-Google-Smtp-Source: ABdhPJzwVS6fifwCjaoLOTkbQ5lbqBj6K8HJXVVgKc/xEJiCgTxaLRh6U0NjuoNTA4ObLUtGqGXR X-Received: by 2002:a50:e882:: with SMTP id f2mr5990440edn.184.1614882833160; Thu, 04 Mar 2021 10:33:53 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1614882833; cv=none; d=google.com; s=arc-20160816; b=yrVfpDd/Ns6KfaGaKniHoKmAkRvQATcmz/gqhoiJVfxeK7Z9mJl1xlLlqpiB3gDGPR 6Js0WVbcOr0MW5Pid+M1lsjBw4a3m4ckOYy366Cigw4MKQmMVOG5eWFNBfTX4R5kGRV2 +udzcoyMAFSXhXhDrq7KO39+b0Mz++TIUfjJU6khwS3pCQckV28bYlaY/zc5HdgMrFPc QkidRMpf4ao8KJvyCNQSUMyoAwfa//VbxdHnaFVxRwqnrP0UwlOj65g+4jY20WuutxZg CSnlDzYPckcQFGpoICyEC8GxFueDx0B96LYyHFAsbaKzt80gmqoLl3ZmLZrTlqP+WZrf 8cPQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:user-agent:message-id:in-reply-to :date:references:subject:cc:to:from:dkim-signature:dkim-filter; bh=0Ve+xXBHTbEw0fPFu0O/xod8NU6BElrTOOdos1pHxaI=; b=MhYa29wgPphgUWywoDZAhPDIgrgqYQQ2xP85GNlQxRTJXUHAUUrloz038egCoS5Dz0 MiHEDSolg5XNRb9obs0yxp8Pxis8IjN4zgA5NqTUcWawP1xO150XeDAXcbIJZIRFgrdc b05vAyYwE5SdL1W7z/UvLkwLPRFZAtJiEKx76JrBClt0tPeSVeqDsYBPOFXmQCeUyjQB QAJDxzKtJYcbDLV55L+wEoGF6I5NDKBQFN1BENBsXvryicyMBzWK6tTC6LTWa5FvpT6g uAC7e5cJuHoIWwGz6ZAOcy+bQFBOCMh9AJ0hzSsNsOtG6n4Y6DEtIzRVJSszy01SF0Sc gPIw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@defensec.nl header.s=default header.b=aHoAMWEN; spf=pass (google.com: domain of selinux-refpolicy-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=selinux-refpolicy-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id f4si3127708ejk.478.2021.03.04.10.33.48; Thu, 04 Mar 2021 10:33:53 -0800 (PST) Received-SPF: pass (google.com: domain of selinux-refpolicy-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@defensec.nl header.s=default header.b=aHoAMWEN; spf=pass (google.com: domain of selinux-refpolicy-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=selinux-refpolicy-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238241AbhCDQsU (ORCPT + 16 others); Thu, 4 Mar 2021 11:48:20 -0500 Received: from agnus.defensec.nl ([80.100.19.56]:55398 "EHLO agnus.defensec.nl" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238359AbhCDQsR (ORCPT ); Thu, 4 Mar 2021 11:48:17 -0500 Received: from brutus (brutus.lan [IPv6:2001:985:d55d::438]) by agnus.defensec.nl (Postfix) with ESMTPSA id E792D2A0CF2; Thu, 4 Mar 2021 17:47:35 +0100 (CET) DKIM-Filter: OpenDKIM Filter v2.11.0 agnus.defensec.nl E792D2A0CF2 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=defensec.nl; s=default; t=1614876456; bh=0Ve+xXBHTbEw0fPFu0O/xod8NU6BElrTOOdos1pHxaI=; h=From:To:Cc:Subject:References:Date:In-Reply-To:From; b=aHoAMWEN/nTkmNwMbvdgtAvtDkWkK3LEE3dHLJ1SpfWUBQ0XO6E9WsKCaKw1N3iUP Y20/xeiZR/dCc2MJk2iXcJvRFVODaY0siH0LVZtRFrDidf1D7DBRq+YVZsdC6mVSh9 Dl34nwKaysyUsRg0bPT4MVHQEMT7/OyZhnUK1yM4= From: Dominick Grift To: Russell Coker Cc: selinux-refpolicy@vger.kernel.org Subject: Re: cgroups References: <201858869.AyTo3W3VYL@liv> Date: Thu, 04 Mar 2021 17:47:32 +0100 In-Reply-To: <201858869.AyTo3W3VYL@liv> (Russell Coker's message of "Thu, 04 Mar 2021 22:21:44 +1100") Message-ID: User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain Precedence: bulk List-ID: X-Mailing-List: selinux-refpolicy@vger.kernel.org Russell Coker writes: > https://sourceforge.net/projects/libcg/files/ > > Above seems to be the source for the programs listed in policy/modules/ > services/cgroup.fc, upstream has no changes since 2014 and the package in > Debian doesn't support cgroup2 so is pretty much useless. > > Is there any reason for not deleting policy/modules/services/cgroup.* from > refpolicy? libgroup is indeed probably history. Although I vaguely recall it still being used somewhere out there. I wouldnt mind removing it. > > Also as an aside what is the best way of managing cgroups and do we have > policy that works with it? I suppose depends who you ask. Many nowayday's will probably say that systemd should be the only cgroup manager. On systems with systemd i generally use systemd, one my openwrt powered router i just use shell and (init)?scripts -- gpg --locate-keys dominick.grift@defensec.nl Key fingerprint = FCD2 3660 5D6B 9D27 7FC6 E0FF DA7E 521F 10F6 4098 https://sks-keyservers.net/pks/lookup?op=get&search=0xDA7E521F10F64098 Dominick Grift