From: bigon@debian.org (Laurent Bigonville)
Date: Sun, 16 Nov 2014 00:06:35 +0100
Subject: [refpolicy] systemd
In-Reply-To: <54539DFD.6000408@tresys.com>
References: <54539DFD.6000408@tresys.com>
Message-ID: <20141116000635.546ed2d1@fornost.bigon.be>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

Le Fri, 31 Oct 2014 10:34:37 -0400,
"Christopher J. PeBenito" <cpebenito@tresys.com> a ?crit :

> One big shortcoming that refpolicy has had lately is missing a
> complete systemd policy.  Since no one has upstreamed the policy,
> I've decided to start writing one, as the Fedora version cannot be
> upstreamed with out significant refactoring.

With systemd as PID1, the system dbus services are not started by the
udev daemon anymore but by systemd (PID1) itself. That means that ATM,
the dbus services are not properly transitioned to their own domain and
run under init_t. What should be done according to you? Modify
dbus_system_domain() to also allow transition from init_t? Modify all
the modules to that are using dbus_system_domain() and add
init_daemon_domain()?