From: dwalsh@redhat.com (Daniel J Walsh)
Date: Mon, 17 Sep 2012 11:31:48 -0400
Subject: [refpolicy] [PATCH] Add Debian location for rtkit-daemon daemon
In-Reply-To: <CAPzO=Nz4KSeYqT9XXR0q5xYoWceOOWuoQDcC6MQ1Hf9m==5Dyg@mail.gmail.com>
References: <1347488050-19736-1-git-send-email-bigon@debian.org>
	<1347538790.2915.20.camel@d30.localdomain>
	<50520213.40902@redhat.com>
	<1347552374.2915.27.camel@d30.localdomain>
	<50573EFD.9020603@tresys.com> <505740DC.6090400@redhat.com>
	<CAPzO=Nz4KSeYqT9XXR0q5xYoWceOOWuoQDcC6MQ1Hf9m==5Dyg@mail.gmail.com>
Message-ID: <50574264.1020608@redhat.com>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/17/2012 11:30 AM, Sven Vermeulen wrote:
> 
> On Sep 17, 2012 5:25 PM, "Daniel J Walsh" <dwalsh@redhat.com 
> <mailto:dwalsh@redhat.com>> wrote:
>> Systemd is pushing the idea that you put apps that are to be run as a
>> service or by a library into /usr/lib/PACKAGENAME (This apps should never
>> be run using multilib).  As opposed to /usr/libexec.
> 
> Wouldn't it be a good idea to use a different label for these? They aren't
> meant to be executed by individuals xirectly are they? So bin_t might not
> be as good. What about a service_exec_t or so?
> 
> 
> 
> _______________________________________________ refpolicy mailing list 
> refpolicy at oss.tresys.com http://oss.tresys.com/mailman/listinfo/refpolicy
> 
Most of these would not be labeled bin_t, they would be labeled
systemd_exec_t, init_exec_t, udev_exec_t ...


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iEYEARECAAYFAlBXQmQACgkQrlYvE4MpobMWogCeKCh6zMIAq9nIPHGmaG2zwIUR
NWgAoOTJzR4FRiPoVxHnlBeWDFX7FNIm
=oPMB
-----END PGP SIGNATURE-----