From: dwalsh@redhat.com (Daniel J Walsh) Date: Mon, 17 Sep 2012 11:31:48 -0400 Subject: [refpolicy] [PATCH] Add Debian location for rtkit-daemon daemon In-Reply-To: References: <1347488050-19736-1-git-send-email-bigon@debian.org> <1347538790.2915.20.camel@d30.localdomain> <50520213.40902@redhat.com> <1347552374.2915.27.camel@d30.localdomain> <50573EFD.9020603@tresys.com> <505740DC.6090400@redhat.com> Message-ID: <50574264.1020608@redhat.com> To: refpolicy@oss.tresys.com List-Id: refpolicy.oss.tresys.com -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 09/17/2012 11:30 AM, Sven Vermeulen wrote: > > On Sep 17, 2012 5:25 PM, "Daniel J Walsh" > wrote: >> Systemd is pushing the idea that you put apps that are to be run as a >> service or by a library into /usr/lib/PACKAGENAME (This apps should never >> be run using multilib). As opposed to /usr/libexec. > > Wouldn't it be a good idea to use a different label for these? They aren't > meant to be executed by individuals xirectly are they? So bin_t might not > be as good. What about a service_exec_t or so? > > > > _______________________________________________ refpolicy mailing list > refpolicy at oss.tresys.com http://oss.tresys.com/mailman/listinfo/refpolicy > Most of these would not be labeled bin_t, they would be labeled systemd_exec_t, init_exec_t, udev_exec_t ... -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/ iEYEARECAAYFAlBXQmQACgkQrlYvE4MpobMWogCeKCh6zMIAq9nIPHGmaG2zwIUR NWgAoOTJzR4FRiPoVxHnlBeWDFX7FNIm =oPMB -----END PGP SIGNATURE-----