From: dac.override@gmail.com (Dominick Grift)
Date: Sun, 2 Nov 2014 16:46:07 +0100
Subject: [refpolicy] systemd
In-Reply-To: <20141102134435.345e38f0@fornost.bigon.be>
References: <54539DFD.6000408@tresys.com>
	<20141102134435.345e38f0@fornost.bigon.be>
Message-ID: <20141102154606.GA5614@e145.network2>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

On Sun, Nov 02, 2014 at 01:44:35PM +0100, Laurent Bigonville wrote:
> 
> The bus_unit_method_kill() function seem to use the "stop" AV instead
> of a "kill" one. And the for the "load" one I'm not even sure to what
> it is/was referring to.
> 

Unfortunate though that kill does not have its own av permission, as the kill option with systemctl can be used to send signals to the running daemon.
Some daemons take custom signals (SIGUSR etc) to do special things ( like for example auditd, and rotating logs )

I suppose for some reason it was not practical to implement a kill av permission for this

-- 
Dominick Grift
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 648 bytes
Desc: not available
Url : http://oss.tresys.com/pipermail/refpolicy/attachments/20141102/222f7f36/attachment.bin